US Pat. No. 10,250,729

MOBILE TERMINAL

LG Electronics Inc., Seo...

1. A mobile terminal comprising:
a case unit comprising a plurality of case parts defining an outer appearance;
a waterproof member configured to waterproof a gap between the plurality of case parts;
an inner space formed by coupling of the plurality of case parts with the waterproof member;
a sound output unit mounted in the inner space;
an electronic component mounted in the inner space;
at least one processor configured to control the sound output unit;
a resonance space provided in the inner space and configured to resonate sound that is output from the sound output unit; and
a sound hole provided at one side of the case unit and configured to output a first sound,
wherein a sound pressure level of a second sound output by vibration of the case unit due to vibration of the first sound is higher than a sound pressure level of the first sound in a low-frequency sound range, and
wherein, in a state in which the case unit is placed on a mounting surface, a third sound is generated by the mounting surface due to vibration of the second sound.

US Pat. No. 10,250,728

COLOR-VARIABLE TERMINAL

HUAWEI TECHNOLOGIES CO., ...

1. A color-variable terminal, comprising:
a housing that is partially transparent or entirely transparent;
a liquid crystal light adjustment film located inside the housing and covering a transparent area of the housing, the terminal being configured to apply a control voltage to the liquid crystal light adjustment film, the liquid crystal light adjustment film being in a transparent state when an amplitude of the control voltage is greater than or equal to a preset threshold, and the liquid crystal light adjustment film being in a non-transparent state when the amplitude of the control voltage is less than the preset threshold; and
a coating located inside the housing, the coating and the transparent area of the housing are respectively located on two sides of the liquid crystal light adjustment film, a color of the liquid crystal light adjustment film in the non-transparent state being different from a color of the coating.

US Pat. No. 10,250,727

MAGNIFICATION AND LIGHTING ATTACHMENT FOR MOBILE TELEPHONES

1. A camera attachment for a mobile phone with a camera lens and an illumination component to photograph an object, comprising:
a support configured to be nonmovably attached to the mobile phone;
a carrier member movably mounted to the support, the carrier member configured to be movable relative to the mobile phone, the carrier member comprises a semi-annular opening having a first side and a second side;
a first lens station mounted to the carrier member adjacent the first side of the semi-annular opening, the first lens station comprising a lens;
a second lens station mounted to the carrier member on the second side of the semi-annular opening, the second lens station comprising a lens operationally separate from the lens of the first lens station; and
at least one light component mounted to the carrier member;
wherein the carrier member is configured to move between a first position and a second position with the support attached to the mobile phone; and
wherein, in the first position, the first lens station is in alignment and optically coupled with the lens of the mobile phone to optically magnify the object to be photographed by the mobile phone, and the light component is in alignment and optically coupled with the illumination component of the mobile phone to illuminate the object to be photographed by the mobile phone and the separate, second lens station is out of alignment and not optically coupled with the lens of the mobile phone; and wherein, in the second position, the first lens station is out of alignment and not optically coupled with the lens of the mobile phone, the light component is out of alignment and not optically coupled with the illumination component of the mobile phone, and the second lens station is in alignment and is optically coupled with the lens of the mobile phone.

US Pat. No. 10,250,726

CLIP FOR MOUNTING EXTERNAL DEVICE TO ELECTRONIC DEVICE

1. A device-and-clip system for an electronic device having a front face with a display screen thereon, a rear face opposite to the front face, and an edge between the front and rear faces, the device-and-clip system comprising:
an external device that is separate from the electronic device and which has an external device feature, wherein the external device is cooperable with the electronic device when the external device feature is aligned with an electronic device feature on the rear face to perform a selected function;
a clip including
a first clip arm having an arm marker thereon and which is engageable with the front face;
a second clip arm that is engageable with the rear face, wherein the first and second clip arms are connected to one another and are movable between an open position to permit removal of the clip from the electronic device and a closed position in which the first and second clip arms clamp the electronic device, wherein the external device is mounted to the clip; and
wherein the clip has a clip limit surface that is engageable with the edge of the electronic device to determine a reach of the external device feature on the rear face of the electronic device,
wherein the clip limit surface is positioned such that, for a first type of electronic device in which the electronic device feature is positioned at a first distance from the edge, the clip is mountable to the first type of electronic device with the external device feature aligned with the electronic device feature on the rear face such that the clip limit surface is spaced from the edge,
and for a second type of electronic device in which the electronic device feature is positioned at a second distance from the edge that is different than the first distance, the clip is mountable to the second type of electronic device with the external device feature aligned with the electronic device feature on the rear face of the second type of electronic device.

US Pat. No. 10,250,725

METHOD OF L2 LAYER DATA PACKET PROCESSING AND ELECTRONIC DEVICE USING THE SAME

Acer Incorporated, New T...

1. A method of data packets processing applicable to an electronic apparatus, the method comprising:
generating, by a higher L2 sublayer before receiving an uplink (UL) grant, protocol data units (PDUs) of the higher L2 sublayer, wherein each PDU of the higher L2 sublayer comprises one or more SDUs of the higher L2 sublayer;
generating, by a lowest L2 sublayer before receiving the UL grant, subheaders for each of service data units (SDUs) of the lowest L2 sublayer, wherein each SDU of the lowest L2 sublayer is equivalent to each PDU of the higher L2 sublayer;
performing, by the lowest L2 sublayer, a logical channel prioritization (LCP) procedure for the SDUs in response to receiving the UL grant;
generating, by the lowest L2 sublayer based on a result of the LCP procedure, a PDU of the lowest L2 sublayer by multiplexing a portion of the SDUs of the lowest L2 sublayer and the subheaders of the portion of the SDUs; and
modifying, by the lowest L2 sublayer, the last subheader within the PDU.

US Pat. No. 10,250,724

SOFTWARE UPGRADE IN A HOME NETWORK USING LOWER LAYER MESSAGING

Entropic Communications, ...

1. A home-based server for use in a coaxial cable network of a home, where the coaxial cable network of the home comprises an open network that is user modifiable and a closed network that is not user modifiable, the home-based server comprising:
a first transceiver configured to communicate with an external server over a communication network external to the home and not over the coaxial cable network of the home;
a second transceiver configured to communicate with a client device over the coaxial cable network of the home and not over the communication network external to the home; and
processing circuitry configured to:
utilize the first transceiver to receive a software update image from the external server; and
utilize the second transceiver to communicate the received software update image to the client device over the closed network of the coaxial cable network of the home.

US Pat. No. 10,250,723

PROTOCOL-LEVEL IDENTITY MAPPING

BlueTalon, Inc., Redwood...

1. A method, comprising:
intercepting, by an identity mapping system, a user request submitted from a client device through an application program to a distributed computing system that provides a plurality of services, the user request being associated with user credentials, wherein the identity mapping system intercepts the user request at a protocol level that is outside of the application program;
determining, by the identity mapping system, a user protocol in which the client device submitted the user request;
authenticating the user request based on the user credentials;
upon successfully authenticating the user request, determining, by the identity mapping system, a service of the services that the user request is authorized to access;
determining service credentials associated with the service;
generating a service request by the identity mapping system, including translating the user protocol of the user request to a service protocol associated with the service at least in part by associating the service credentials with the service request; and
submitting the service request by the identity mapping system to the distributed computing system, wherein the identity mapping system includes one or more computer processors.

US Pat. No. 10,250,722

TCP TRAFFIC PRIORITY BANDWIDTH MANAGEMENT CONTROL BASED ON TCP WINDOW ADJUSTMENT

SONICWALL INC., Milpitas...

1. A method for managing bandwidth in a computer network, the method comprising:
receiving a first packet sent from a first client;
identifying a first traffic class associated with the first packet;
receiving a second packet;
identifying a second traffic class associated with the second packet;
identifying that the first traffic class and the second traffic class are competing for shared bandwidth;
monitoring a first number of bytes received that are associated with the first traffic class over a first interval of time;
calculating a competitive base adjusted window value based on the identified competition for the shared bandwidth;
assigning a first traffic priority index to the first traffic class;
calculating a first traffic class input rate associated with the first number of bytes received that are associated with the first traffic class over the first interval of time;
calculating a first priority window size to associate with packets of the first traffic class that is proportional to the first traffic priority index and to the calculated competitive base adjusted window value and that is inversely proportional to a total priority count, wherein the total priority count is a count of a number of priority classes to which one of the packets is assigned;
calculating a value of a first prioritized adjusted window to include in an acknowledge message to send to the first client, wherein the calculation of the first prioritized adjusted window value is a function of the first priority window size and the competitive base adjusted window value;
transmitting the acknowledge message to the first client, wherein the acknowledge message includes the first prioritized adjusted window value, and the first client changes a first transmitted number of bytes sent in one or more packets; and
receiving the one or more packets over a second interval of time of the first traffic class, wherein the received one or more packets of the first traffic class include a number of bytes corresponding to a changed first number of bytes value.

US Pat. No. 10,250,721

SYSTEM AND METHOD FOR TESTING APPLICATIONS WITH A LOAD TESTER AND TESTING TRANSLATOR

JPMORGAN CHASE BANK, N.A....

1. A method for load testing a server operable to receive messages from a client computer, the messages being in a first format incompatible with a load testing tool, the method comprising:
receiving, by a processor, a message in the first format from the client computer;
performing a first operation and a second operation in parallel,
the first operation including:
forwarding, by the processor, the message in the first format to a server, and
the second operation including:
selecting, by the processor, a first conversion instruction set from a plurality of conversion instruction sets for converting the message in the first format;
executing, by the processor, the selected first conversion instruction set to convert the message in the first format incompatible with the load testing tool to a message in a second format compatible with the load testing tool, the message in the first format including at least one binary file; and
forwarding, by the processor, the message in the second format to the load testing tool;
receiving, by the processor and from the load testing tool, a load message in the second format to test the server;
selecting, by the processor, a second conversion instruction set from the plurality of conversion instruction sets according to the first format compatible with the server; and
automatically, by the processor, executing the selected second conversion instruction set to convert the load message in the second format compatible with the load testing tool to a load message in the first format, the load message in the second format including at least one extensible markup-language file.

US Pat. No. 10,250,720

SHARING IN AN AUGMENTED AND/OR VIRTUAL REALITY ENVIRONMENT

Google LLC, Mountain Vie...

1. A computer-implemented method, comprising:
generating, by a computing device operating in an ambient environment, a virtual environment;
receiving, by a processor of the computing device, a selection of a virtual item by a selection device in virtual contact with the selected virtual item, the selected virtual item representing content associated with the selected virtual item;
tracking movement of the selection device in virtual contact with the selected virtual item;
projecting a virtual trajectory for propulsion of the selected virtual item based on the tracked movement of the selection device in virtual contact with the selected virtual item;
identifying a target recipient for the selected virtual item, including:
detecting a plurality of possible recipients in the virtual environment, the plurality of possible recipients respectively corresponding to a plurality of virtual representations in the virtual environment;
detecting an attractive force associated with each of the plurality of possible recipients, wherein the attractive force is based on a commonality between a characteristic of the content of the selected virtual item and a characteristic of each of the plurality of possible recipients; and
identifying the target recipient based on the projected virtual trajectory for the propulsion of the selected virtual item and the detected attractive force associated with each of the plurality of possible recipients; and
sharing the content of the selected virtual item with the identified target recipient.

US Pat. No. 10,250,719

INFORMATION PROCESSING APPARATUS, CONTROL METHOD, AND RECORDING MEDIUM

CANON KABUSHIKI KAISHA, ...

1. An information processing apparatus comprising:
a search unit configured to instruct a plurality of print plug-ins having at least a printer search function to search for a printer; and
a display unit configured to display, if the plurality of print plug-ins are instructed to perform the search, a first screen which includes (1) a first object for setting, as a printer to which contents are to be output, a printer detected by search processing performed by the plurality of print plug-ins instructed to perform the search and includes (2) a second object for shifting to a second screen but does not include (3) a link to a download page of a print plug-in that is not installed, and to display, in response to an instruction given to the second object in the first screen, the second screen which includes (4) the link to the download page of the print plug-in that is not installed.

US Pat. No. 10,250,718

SYSTEM AND METHOD TO SUPPORT CODEC DELIVERY MODELS FOR IMS NETWORKS

International Business Ma...

1. A computer program product comprising a non-transitory computer usable storage medium having readable program code tangibly embodied in the storage medium, wherein the computer program product, when executed by a processor in a server, causes the processor to perform steps of:
receiving a first request at the server for first content from a first user device in communication with the server;
determining, in the server, a first codec required by the first user device for the first content based on stored codec information for the first user device;
determining, in the server, that the first user device does not have the first codec required for the first content using a profile of the first user device, and, using the profile of the first user device, determining to use an online mode to send the first codec with the first content, and based upon that determination, sending the first codec with the first content;
receiving a second request at the server for second content from a second user device in communication with the server;
determining, in the server, a second codec required by the second user device for the second content based on stored codec information for the second user device; and
determining, in the server, that the second user device does not have the second codec required for the second content using a profile of the second user device, and, using the profile of the second user device, determining to use an offline mode to send a reference to the second codec with the second content, and based upon that determination, sending the reference to the second codec with the second content.

US Pat. No. 10,250,717

SCALING CLOUD RENDEZVOUS POINTS IN A HIERARCHICAL AND DISTRIBUTED MANNER

Futurewei Technologies, I...

1. A method implemented in an inter-provider cloud rendezvous point (CRP-IP), the method comprising:
receiving, via a receiver of the CRP-IP, a Register request from a first service provider cloud rendezvous point (CRP-SP) in a first service provider (SP) network domain, the Register request indicating a first portion of a virtual extensible network (VXN) with a global scope is hosted by the first SP network domain; and
transmitting, via a transmitter of the CRP-IP, a Report message to a second CRP-SP in a second SP network domain hosting a second portion of the VXN, the Report message indicating the first portion of the VXN is hosted by the first SP network domain,
wherein the CRP-IP acts as a root node of a fixed cloud rendezvous point (CRP) hierarchy comprising the CRP-IP, the first CRP-SP as a first branch node, the second CRP-SP as a second branch node, and a plurality of site cloud rendezvous points (CRP Sites) as leaf nodes.

US Pat. No. 10,250,716

PRIORITY-DRIVEN BOXCARRING OF ACTION REQUESTS FROM COMPONENT-DRIVEN CLOUD APPLICATIONS

salesforce.com, inc., Sa...

1. A system including a user device and a server device, coupled in communication, including:
the user device configured to:
determine an action request by a data consuming application that consumes data received from the server responsive to the action request, the action request associated with a priority label applied to a display region rendered by the data consuming application;
place, by a middleware application, the action request into a first batch based on the priority label and a predetermined segregation schedule;
manage, by the middleware application, a pool of request objects; and
send, to the server device via a request object from the pool of request objects, the first request batch as a first boxcar ahead of a second request batch based on the priority label; and
the server device configured to:
receive the first boxcar and forward the action request to an application program of the server;
collect a response to the action request from the application program;
send the response in a second boxcar corresponding to the first boxcar, the second boxcar including other responses associated with the first boxcar.

US Pat. No. 10,250,715

DYNAMIC ADJUSTMENT OF BOXCARRING OF ACTION REQUESTS FROM COMPONENT-DRIVEN CLOUD APPLICATIONS

salesforce.com, inc., Sa...

1. A system, comprising a user device, coupled in communication with a server device, wherein the user device includes a first processor configured to:
receive action requests from a data consuming application running on the user device;
batch the action requests into a boxcar;
dispatch the boxcar of the batched action requests to the server device;
receive a responsive boxcar of completed responses from the server device responsive to the action requests;
receive a server processing time from the server device for the responsive boxcar of the completed responses;
dynamically calculate network communication latency as dispatch-to-completed response time minus the server processing time; and
dynamically adjust an inter-boxcar interval used to dispatch a subsequent boxcar of the batched action requests based on at least a quantity of connections supported between the user device and the server device and the calculated network communication latency; and
wherein the server device includes a second processor, running at least one application program, configured to:
receive the boxcar of the batched action requests;
forward the batched action requests to the at least one application program;
receive the completed responses from the at least one application program;
return the responsive boxcar of the completed responses to the user device;
calculate the server processing time as a difference between the receive time of the boxcar of the batched action requests and a time that the responsive boxcar of the completed responses is ready to be returned; and
report the calculated server processing time to the user device.

US Pat. No. 10,250,714

PAGE REDIRECTION METHOD, ROUTING DEVICE, TERMINAL DEVICE AND SYSTEM

HUAWEI DEVICE CO., LTD., ...

1. A page redirection method, comprising:
receiving, by a routing device, based on a first access request sent by a terminal device, a first access response corresponding to the first access request from a network server, wherein the first access request comprises a first access address of a page that a user needs to access;
when an update is available for a configuration of the routing device, modifying, by the routing device, a return code of the first access response and adding, by the routing device, a second access address of a redirected-to page and the first access address to the first access response, wherein the second access address of the redirected-to page is an access address to a page to update the configuration of the routing device; and
sending, by the routing device, the first access response that includes the return code that is modified, and the second access address of the redirected-to page to the terminal device, wherein the first access response prompts the terminal device to send a second access request according to the return code that is modified, and to open the page that the user needs to access and the redirected-to page upon receiving a second access response returned for the second access request.

US Pat. No. 10,250,713

MANAGING CONTACT STATUS UPDATES IN A PRESENCE MANAGEMENT SYSTEM

International Business Ma...

1. A method for managing online status according to a power event comprising:
receiving, via a network communication interface, an indication of the power event occurring at a mobile device for an online identity, wherein the power event causes the mobile device to switch from an external power source to an internal battery, and wherein the device represents that the online identity is online while the mobile device receives power from the internal battery;
holding, at a second device, at least one status update for an online contact of the online identity while the mobile device receives power from the internal battery; and
releasing, for transmission to the mobile device, the at least one status update in response to determining that the mobile device switches back to the external power source.

US Pat. No. 10,250,712

METHOD AND SERVER OF CONFIGURING SCENARIO MODE FOR SMART DEVICES

XIAOMI INC., Haidian Dis...

1. A method for configuring a scenario mode for smart devices, comprising:
acquiring device information of a first smart device and a second smart device bounded to a user account;
pushing, according to the device information of the first and second smart devices, a predefined scenario mode template to a controlling device bound to the user account, wherein the predefined scenario mode template corresponds to a scenario mode which associates at least one startup condition for the first smart device to trigger the scenario mode with at least one task to be performed by the second smart device when the scenario mode is triggered;
receiving, from the controlling device, scenario mode template selection information indicating whether a user selects to enable the predefined scenario mode template;
bounding, when the scenario mode template selection information indicates the predefined scenario mode template is enabled, the scenario mode corresponding to the predefined scenario mode template to the user account and configuring the scenario mode according to the device information of the first and second smart devices; and
performing, by the second smart device, the at least one task of the scenario mode when the at least one startup condition is satisfied;
wherein the scenario mode bounded to the user account is configured with parameters selected from: user account information, device type information of the first and second smart devices, device ID information of the first and second smart devices, a startup condition parameter for defining conditions of triggering the scenario mode, and a task parameter for defining actions to be performed in the scenario mode;
wherein the predefined scenario mode template comprises: the device type information of the first smart devices and the second smart devices, the startup condition parameter for defining conditions of triggering the corresponding scenario mode, and the task parameter for defining actions to be performed in the corresponding scenario mode; and
wherein bounding the scenario mode corresponding to the predefined scenario mode template to the user account comprises defining the scenario mode corresponding to the predefined scenario mode template by supplementing the device ID information of the first smart device and the second smart device and the user account information to the predefined scenario mode template.

US Pat. No. 10,250,711

FRACTIONAL PRE-DELIVERY OF CONTENT TO USER DEVICES FOR UNINTERRUPTED PLAYBACK

OPANGA NETWORKS, INC., S...

1. A method, comprising:
receiving an indication that content is available for pre-delivery from a content server to a user device over a network;
determining a fraction of the content available for pre-delivery that satisfies one or more predicted content playback conditions by determining a fractional size of the content associated with an uninterrupted playback probability for the content; and
causing the determined fraction of the content available for pre-delivery to be delivered to the user device before the user device receives a request to play back the content,
wherein determining a fraction of the content available for pre-delivery that satisfies one or more predicted content playback conditions includes:
determining the fractional size of the content associated with the uninterrupted playback probability for the content by determining a delivery buffer cumulative credit function (CCF) on a cumulative-distribution function (CDF) curve,
the CDF curve representing a relationship between predicted uninterrupted playback probabilities for new content to be pre-delivered to the user device and outputs of the delivery buffer cumulative credit function for content previously delivered to the user device.

US Pat. No. 10,250,710

SYSTEMS AND METHODS FOR CACHING OF MANAGED CONTENT IN A DISTRIBUTED ENVIRONMENT USING A MULTI-TIERED ARCHITECTURE INCLUDING OFF-LINE ACCESS TO CACHED CONTENT

Open Text SA ULC, Halifa...

1. A system for remote caching, comprising:
a processor;
a primary content management server for managing content;
a remote cache system, including:
a cache;
an interface to a network;
a data store for storing metadata corresponding to content stored in the cache, wherein the content in cache is managed by the primary content management server; and
a remote client transfer module, configured for:
accessing the data store to determine if first metadata associated with designated content is stored in the data store;
sending a first request to a primary content transfer module associated with the primary content management server;
receiving a first response from the primary content transfer module including second metadata;
if first metadata associated with the designated content is stored in the data store:
comparing the first metadata to the second metadata to determine if a version of the content stored in the cache is a current version of the content;
if the version of the content stored in the cache is a current version, setting a flag in the first metadata to designate the content as resident;
if the version of the content stored in the cache is not the current version or if no first metadata associated with the designated content is stored in the data store:
sending a second request for the current version of the content to the primary content transfer module;
receiving the current version of the content;
storing the current version of the content in the cache; and
setting a flag in the first metadata to designate the content as resident;
the primary content transfer module configured for:
 receiving the first request associated with the content from the remote client transfer module;
 sending a third request to the primary content management server for the second metadata associated with the content;
 returning the first response, including the second metadata to the remote client transfer module;
 receiving the second request for the current version of the content;
 obtaining the current version of the content from the content management platform;
 returning the current version of the content to the remote client transfer module; and
 wherein the remote client transfer module is further configured for:
 receiving a fourth request to access the content, wherein the fourth request is associated with a user;
 determining that the primary content transfer module is inaccessible over the network;
 accessing the data store to determine that the requested content is in the cache; and
 providing the content in the cache in response to the fourth request.

US Pat. No. 10,250,709

DATA PROCESSING APPARATUS, CONTROLLER, CACHE AND METHOD

Arm Limited, Cambridge (...

1. A data processing apparatus comprising:
a plurality of caches;
a controller configured to control the plurality of caches;
a first network coupling the controller and the plurality of caches; and
a second network coupling the controller and the plurality of caches;
wherein the controller is configured to transmit a unicast communication to a specified one of the plurality of caches via the first network; and
the controller is configured to transmit a multicast communication to at least two of the plurality of caches via the second network,
wherein the multicast communication comprises a cache invalidation request for requesting invalidation of at least some data stored in said at least two caches, and wherein in response to a cache refill request received from a requesting cache of said plurality of caches via the first network, the cache refill request specifying target data to be provided in a cache refill response to the requesting cache via the first network, the controller is configured to initiate a line fill request to fetch the target data from a data store when the target data is not already available to the controller.

US Pat. No. 10,250,708

HIGH PERFORMANCE DISTRIBUTED SYSTEM OF RECORD

Akamai Technologies, Inc....

1. A method, comprising:
configuring a set of computing elements to receive and process messages into a blockchain, wherein a message is associated with a transaction to be included in the blockchain, the computing elements organized as a set of computing nodes:
for a given block to be added to the blockchain, associating ordered segments of the block within respective computing nodes, wherein a segment of the block comprises a set of one or more transactions that are unique to the segment; and
processing the block into the blockchain using the ordered segments;
wherein, during processing of the block, transactions within each segment are sequenced and processed concurrently with respect to one another, and wherein segments are processed independently of each other.

US Pat. No. 10,250,707

METHOD AND APPARATUS FOR SELECTING INFORMATION PUSHED-TO TERMINAL

HUAWEI DEVICE (DONGGUAN) ...

1. A method for selecting information pushed-to a terminal, comprising:
determining, by a first terminal, a service type of received service information according to a preset terminal service type table;
acquiring, by the first terminal from a terminal status table configured in the first terminal, characteristic information of second terminals coupled to the first terminal;
determining working statuses of the second terminals according to the characteristic information;
selecting, by the first terminal from the second terminals according to a preset information push rule, the service type of the service information, and the working statuses of the second terminals, a target terminal of the information pushed-to the terminal, the target terminal supporting the service information, a working status of the target terminal meeting a requirement for pushing the service information, the preset information push rule being preset by a user according to a condition of the user, the preset information push rule being either preferentially processing a service of a communication type or preferentially processing a service of a non-communication type, the preset information push rule preferentially processing the service information when the service information corresponds to a service type that is a same as a service currently running on one of the second terminals, and the one of the second terminals being selected as the target terminal; and
sending a prompt message of having received the service information to the target terminal.

US Pat. No. 10,250,706

HIERARCHICAL CLUSTERING

Bank of America Corporati...

1. A method comprising:
receiving first network usage data for a plurality of user devices, the first network usage data indicating activity by the user devices on a plurality of webpages;
determining a plurality of first-level cluster centroids based on the first network usage data;
assigning each user device to at least one of the first-level cluster centroids;
selecting a first-level cluster centroid from the at least one of the first-level cluster centroids, the user devices assigned to the selected first-level cluster centroid having an average distance to the selected first-level cluster centroid that is greater than a threshold;
determining a plurality of second-level cluster centroids based on the first network usage data for user devices assigned to the selected first first-level cluster centroid;
assigning each user device previously assigned to the selected first first-level cluster centroid to at least one of the second-level cluster centroids;
determining a plurality of clusters based on the first-level cluster centroids and the second-level cluster centroids;
assigning each user device to at least one cluster of the plurality of clusters; and
sending one or more first notifications to user devices associated with a first cluster of the plurality of clusters.

US Pat. No. 10,250,705

INTERACTION TRAJECTORY RETRIEVAL

International Business Ma...

1. A method, comprising:
receiving, by one or more computer processors, a natural language action description associated with actions performed by a user on a website;
building, by the one or more computer processors, an interaction graph of the website based on a logical structure of the website, wherein a node in the interaction graph indicates a web component in the website, and an edge in the interaction graph indicates a potential interaction between the user and the website;
marking, by the one or more computer processors, the interaction graph based on the interactions between the user and the website to generate an interaction history;
retrieving, by one or more computer processors, at least one user interaction matching the action description from the interaction history of user interactions between the user and the website by interpreting and converting using semantic analysis by the one or more computer processors each text or verbal clause in the action description into a corresponding action in an action sequence comprising at least one chronologically ordered action;
finding by one or more computer processors in the interaction history, with regard to an action in the action sequence, a user interaction corresponding to the action by determining whether an action type of the interaction corresponds to an action type of the action;
generating, by one or more computer processors, an interaction trajectory associated with a problem that occurred on the website and a technical solution for the problem that occurred on the website, based, at least in part, on the retrieved at least one user interaction; and
implementing the technical solution associated with the action trajectory.

US Pat. No. 10,250,704

REGISTRATION DURING DOWNTIME

EXPERIAN HEALTH, INC., F...

1. A system for enabling registration according to client policies for a client system used for managing creation of client records for a client facility when a client server of the client system is experiencing a downtime event and non-responsive to manage creation of the client records, comprising:
a processor; and
a memory storage device including instructions that when executed by the processor are operable to provide:
an advanced services system, in communication with client terminals and third parties, operable to receive registration requests from the client terminals and operable to request and receive supplemental data from the third parties related to the registration requests;
an advanced services database, in communication with the advanced services system, operable to store information for postback to the client server once responsive after the downtime event;
an identifier database, storing the client policies, wherein the client policies relate to how identifiers are used in the client records, wherein a type for the identifiers is set from a global identifier, a local identifier, and an event identifier by the client system; and
a downtime registration service, in communication with the advanced services system and the identifier database, operable to provide the identifiers to the advanced services system to create a new record when the client server is non-responsive, wherein the new record is stored in the advanced services database for postback when the client server is responsive.

US Pat. No. 10,250,703

GEO-LOCATION BASED CONTENT PUBLISHING PLATFORM

Google LLC, Mountain Vie...

1. A computer-implemented method for location-based content publishing, the method comprising:
determining, by one or more computing devices, a travel path associated with a mobile device of a user, the travel path comprising one or more future locations;
receiving, by the one or more computing devices, information indicative of a current location of the mobile device of a user while the user is traveling along the travel path and located within a vehicle;
accessing, by the one or more computing devices, a plurality of content items along the travel path, wherein each content item is associated with one of the one or more future locations;
selecting, by the one or more computing devices, at least one content item from the plurality of content items along the travel path based at least in part on the current location of the mobile device and based at least in part on the future location associated with each content item, wherein selecting, by the one or more computing devices, at least one content item from the plurality of content items based at least in part on the information about the current location of the mobile device and based at least in part on the future location associated with each content item comprises identifying, by the one or more computing devices, at least a first content item for which the current location of the mobile device is within a distance threshold from the future location associated with the first content item;
providing, by the one or more computing devices, information to the mobile device about at least a portion of the selected content items for display at the mobile device in anticipation of the user arriving at the future location associated with the portion of the selected content items;
receiving, by the one or more computing devices, a publication mode indicator, wherein the publication mode indicator provides information about the frequency at which the user is interested in receiving content items; and
in response to receipt of the publication mode indicator, adjusting, by the one or more computing devices, the distance threshold.

US Pat. No. 10,250,702

METHOD AND APPARATUS FOR PUSHING INFORMATION

Xiaomi Inc., Beijing (CN...

1. A method for pushing information performed by a router, wherein the router is configured to be connected to a monitoring device, and the method comprises:
obtaining a geographic position of at least one target user who carries a device having a network connection with the router;
determining whether a positional relationship between the at least one target user and the monitoring device satisfies a predetermined condition;
when the predetermined condition is satisfied, determining that a current monitoring mode is a key monitoring mode, generating notification information according to monitoring information of the monitoring device;
pushing the generated notification information to a device pre-configured to receive the notification information; and
when the predetermined condition is not satisfied, determining that the current monitoring mode is a common monitoring mode, storing the monitoring information collected by the monitoring device.

US Pat. No. 10,250,700

METHODS AND DEVICES FOR NOTIFYING AUTHORIZATION UPDATE

1. A method for notifying an authorization update, comprising:
receiving, by a home network Proximity-based Services (ProSe) functional entity of an announcing terminal, a notification message from a ProSe application server, wherein the notification message is used for notifying the home network ProSe functional entity of the announcing terminal that authorization information changes; and
notifying, by the home network ProSe functional entity of the announcing terminal, a home network ProSe functional entity of a monitoring terminal that a ProSe code and/or filter corresponding to the announcing terminal become/becomes invalid or are/is updated;
wherein after notifying, by the home network ProSe functional entity of the announcing terminal, the home network ProSe functional entity of the monitoring terminal that the ProSe code and/or filter corresponding to the announcing terminal become/becomes invalid or are/is updated, the method further comprises: finding, by the home network ProSe functional entity of the monitoring terminal, the monitoring terminal according to context information of the monitoring terminal, and notifying, by the home network ProSe functional entity of the monitoring terminal, the monitoring terminal that a monitored ProSe code and/or filter have/has become invalid; and/or, notifying, by the home network ProSe functional entity of the monitoring terminal, the updated ProSe code and/or filter to the monitoring terminal, or triggering, by the home network ProSe functional entity of the monitoring terminal, the monitoring terminal to obtain the ProSe code and/or filter again.

US Pat. No. 10,250,699

CENTRALIZED NETWORK CONTROL FOR A CLOUD-BASED SERVICES EXCHANGE

EQUINIX, Inc., Redwood C...

1. A method comprising:
providing, by a centralized network control (CNC) system, a software interface to receive respective service requests for configuration of different end-to-end network services within respective portions of an edge network of a plurality of geographically dispersed network data centers that are controlled by the CNC system;
receiving, by the CNC system and via the software interface, the respective end-to-end network service requests to configure different end-to-end network services to respective cloud service provider networks within the respective portions of the edge network of the plurality of geographically dispersed network data centers, wherein the respective portions of the edge network within the plurality of geographically dispersed network data centers connect through one or more cloud-based services exchange points of the plurality of geographically dispersed network data centers, wherein the cloud-based services exchange points are coupled to the respective cloud service provider networks;
generating, by the CNC system and based on the respective end-to-end network service requests, corresponding end-to-end network service definitions that each specifies different service requirements to implement a different end-to-end network service within a different one of the respective portions of the edge network and corresponding service level agreements for the different end-to-end network services;
determining, by the CNC system and based on the corresponding end-to-end network service definitions, corresponding network field units of a plurality of geographically dispersed network field units that are capable of servicing the respective end-to-end network service requests, wherein each of the plurality of geographically dispersed network field units controls a respective portion of the edge network, wherein the corresponding end-to-end network service definitions are usable by the corresponding network field units to configure the respective portions of the edge network to provide the different end-to-end network services;
sending, by the CNC system and to the corresponding network field units, the respective end-to-end network service definitions to configure the different end-to-end network services at the respective portions of the edge network;
sending, by the CNC system and to the corresponding network field units, corresponding requests for service assurance of the different end-to-end network services specified by the respective network service definitions; and
providing, by the CNC system, service assurance for the different end-to-end network services by (1) obtaining service telemetry and analytics data for each of the different end-to-end network services from the one or more cloud-based services exchange points, (2) analyzing the service telemetry data to identify at least one anomaly for each of the different end-to-end network services, and (3) in response to identifying the at least one anomaly, executing a remedial action to ensure the different end-to-end network services adhere to the corresponding service level agreements.

US Pat. No. 10,250,698

SYSTEM AND METHOD FOR SECURING PRE-ASSOCIATION SERVICE DISCOVERY

FUTUREWEI TECHNOLOGIES, I...

1. A method for operating a first station in discovering a service, the method comprises:
generating, by the first station, a first identifier of the service;
generating, by the first station, a second identifier of the service in accordance with a first parameter;
transmitting, by the first station, a request instructing a generating of a third identifier of the service by a second station, the request including the first identifier of the service and the first parameter;
receiving, by the first station from the second station, a first response including the third identifier of the service;
determining, by the first station, that the first response is valid in response to the second identifier of the service and the third identifier of the service being equal; and
in response to the first response being valid, establishing, by the first station, a connection for the service with the second station.

US Pat. No. 10,250,697

TOKEN BUCKET FLOW-RATE LIMITER

KALRAY, Orsay (FR)

1. A token bucket flow rate limiter for data transmission, comprising:
a token counter configured to be incremented at a rate determining the average flow rate of the transmission;
a frequency divider connected to control incrementing of the token counter from a clock, the divider having an integer division factor; and
a modulator configured to alternate the division factor between two different integers so that the resulting average flow rate tends to a programmed flow rate comprised between two boundary flow rates respectively corresponding to the two integers.

US Pat. No. 10,250,696

PRESERVING STATEFUL NETWORK CONNECTIONS BETWEEN VIRTUAL MACHINES

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method of preserving stateful network connections between virtual machines during a suspend and resume cycle, the virtual machines being interconnected by a network, the computer-implemented method comprising:
tracking, by a control instance, based on a suspend operation of a first virtual machine and a second virtual machine, network addresses of the first virtual machine and the second virtual machine;
setting up by the control instance, based on a resume operation, a first router for the first virtual machine and a second router for the second virtual machine, and requesting new network addresses for the first router and the second router;
configuring by the control instance network address translation on the first router and the second router assigned to the first virtual machine and the second virtual machine to map the new network addresses to the network addresses used before suspending the first virtual machine and the second virtual machine, wherein use of the network addresses used before suspending map to the new network addresses subsequent to suspending, such that the network addresses used with the first virtual machine and the second virtual machine before suspending are reused by the first virtual machine and the second virtual machine after resuming the first virtual machine and the second virtual machine; and
managing a routing of network traffic of the first virtual machine and the second virtual machine to the network.

US Pat. No. 10,250,695

MITIGATION OF PROCESSING LOOPS IN A COMMUNICATION NETWORK

Comcast Cable Communicati...

1. A method, comprising:
determining, by a computing device, based on an exchange of one or more error codes between a first network device associated with a first service provider and a second network device associated with a second service provider, that a routing loop associated with a communication session exists;
triggering, based on determining that the routing loop exists, a timer, wherein a duration of the timer is based on multiplying a regressed value by a safety factor, wherein the regressed value is determined by auto regression of an amount of time associated with establishing a previous communication session between the first network device and the second network device, wherein the previous session occurred and successfully ended, indicated by valid messages; and
terminating, based on the timer satisfying a threshold, the communication session.

US Pat. No. 10,250,694

MAINTAINING DISTRIBUTED STATE AMONG STATELESS SERVICE CLIENTS

CA, Inc., New York, NY (...

1. A method for managing distributed state for stateless transactions, said method comprising:
detecting, by an application server, a first state-changing event that corresponds to a stateless transaction between a first node of a plurality of nodes and the application server, wherein the stateless transaction is generated from a first instance of an application that is executing on the first node, and wherein the application is hosted by the application server;
broadcasting, by the application server, the first state-changing event to the plurality of nodes;
initiating, by at least the first node and a second node of the plurality of nodes, generation of a block for entry into a blockchain based, at least in part, on the broadcasted first state-changing event, wherein the blockchain comprises blocks that each record a batch of one or more state-changing events associated with execution of the application;
adding, by the first node, the block to a locally stored copy of the blockchain on the first node based, at least in part, on the first node completing generation of the block prior to the second node;
based on detecting that the first node added the block, updating, by each of the plurality of nodes, a locally stored copy of the blockchain with the block generated by the first node to maintain synchronization among the blockchain copies; and
modifying, by the second node, a state of a second instance of the application executing on the second node based, at least in part, on the update to the locally stored copy of the blockchain.

US Pat. No. 10,250,693

IDEMPOTENCE FOR DATABASE TRANSACTIONS

Oracle International Corp...

1. A method comprising:
a database server receiving, from a client in a second database session, a request that identifies a set of commands that were sent by the client in a first database session, wherein the set of commands comprises one or more transactions; and
in response to the request that identifies the set of commands in the first database session:
the database server determining that at least one transaction of the one or more transactions in the set of commands has not committed, and
based at least in part on determining that the at least one transaction of the one or more transactions has not committed, the database server blocking, from the second database session, completion of the at least one transaction in the first database session to prevent committing of the at least one transaction initiated in the first database session;
wherein the method is performed by one or more computing devices.

US Pat. No. 10,250,692

VOICE USER INTERFACE FOR PAIRING BETWEEN DEVICES

SONY CORPORATION, Tokyo ...

1. A system, comprising:
at least one controlee device;
at least one controller device to control the controlee device;
at least one primary server;
the controlee device being programmed with instructions to cause the controlee device to send a message including an identification of the controlee device to the primary server;
the primary server being programmed with instructions to generate a first code and send the first code to the controlee device;
the controlee device being programmed with instructions to present the first code;
the controller device being programmed with instructions to receive first speech and send at least one first signal to a network on which the primary server communicates representing the first speech;
the primary server being programmed with instructions to receive the first signal from the controller device and to compare information in the first signal from the controller device to the first code;
the primary server being programmed with instructions to associate the controller device with the controlee device responsive to identifying that the information in the first signal from the controller device matches the first code;
the primary server being programmed with instructions to command the controlee device to commence a second pairing step;
the controlee device being programmed with instructions to, responsive to the command from the primary server, generate a second code;
the controlee device being programmed with instructions to present the second code;
the controlee device being programmed with instructions to send the second code to the primary server;
the controller device being programmed with instructions to receive second speech and to send at least one second signal representative thereof to the network;
the primary server being programmed with instructions to receive the second signal from the controller device and to compare information in the second signal from the controller device to the second code; and
the primary server being programmed with instructions to authorize pairing of the controller device with the controlee device responsive to identifying that the information in the second signal from the controller device matches the second code.

US Pat. No. 10,250,691

METHOD AND DEVICE FOR CONTROLLING HOME DEVICE

SAMSUNG ELECTRONICS CO., ...

1. A method by which a server controls a home device, the method comprising:
receiving a trigger signal generated by a sensor in a home in response to a mobile device being present at a specific location in the home, wherein the trigger signal comprises an identification value of the mobile device, which is acquired by the sensor, in response to the mobile device being present at the specific location in the home;
comparing the identification value with pre-stored identification values of a plurality of mobile devices to determine a home device within a proximity of the sensor;
determining the home device corresponding to the specific location by using the trigger signal;
requesting the mobile device for context information of the mobile device or context information of a user if the identification value of the mobile device is included in the pre-stored identification values of the plurality of mobile devices;
receiving the context information indicating a situation of the user from the mobile device;
selecting context information related to an operation of the determined home device from among context information received from the mobile device;
providing the selected context information to the home device; and
controlling the home device based on the provided selected context information.

US Pat. No. 10,250,690

MULTIPLE SENSOR DATA PROCESSOR INTERFACE AND RELAY

Camgian Microsystems Corp...

1. A sensing interface circuit, comprising:
a first processing unit having outputs including a first common enable signal, a plurality of addressing signals, and plurality of individual enable signals; and
a plurality of second processing units each coupled to processor memory containing configuration programming information to configure the sensing interface circuit to provide power and communications over each of a plurality of sensor coupling ports, each of the plurality of sensor coupling ports coupled to one of the plurality of second processing units, each sensor coupling port including at least one sensor voltage supply connection, and at least one sensor receive input,
wherein the plurality of second processing units are each coupled to the first common enable signal and the plurality of addressing signals and each respectively connected to one of the plurality of individual enable signals.

US Pat. No. 10,250,689

SECURITY MONITOR FOR A VEHICLE

Robert Bosch GmbH, Stutt...

1. A method of securing a controlled area network (CAN) of a vehicle, the CAN having a plurality of electronic control units (ECUs) for controlling electronically-controlled vehicular systems, the method comprising:
monitoring, using an electronic processor, an on-board diagnostic (OBD) port of the vehicle for activity, the OBD port being interconnected with the CAN, wherein the monitoring includes:
storing a baseline message profile for at least one of the ECUs of the CAN;
comparing a message in the monitored activity with the baseline message profile of the at least one ECU in the CAN;
flagging a message in the monitored activity as suspicious activity when the message in the monitored activity does not fit the baseline profile of the at least one ECU;
determining whether the flagged message relates to a critical ECU of the plurality of ECUs or to a non-critical ECU of the plurality of ECU;
generating an alert when any monitored activity is suspicious activity that indicates an attack; and
counteracting the suspicious activity to minimize potential harm resulting from the suspicious activity, the counteracting including
determining that the suspicious activity is an attack on a first critical ECU of the plurality of ECUs;
notifying a non-targeted second critical ECU of the plurality of ECUs about the attack on the first critical ECU; and
disabling a non-critical ECU of the plurality of ECUs when the determining determines that the flagged message relates to a critical ECU of the plurality of ECUs.

US Pat. No. 10,250,688

METHOD AND APPARATUS FOR TRANSMITTING SENSOR DATA IN A WIRELESS NETWORK

Canon Kabushiki Kaisha, ...

1. A method for transmitting data from a slave node to a master node in a robotic control network, the robotic control network being based on a shared transmission channel, access to the shared transmission channel being scheduled by the master node, the slave node comprising an acquisition device producing the data, the method comprising on the slave node:
obtaining a request from the master node for acquiring data;
estimating the value of a time information representative of a delay for the acquisition device to acquire a block of data ready for transmission to the master node;
sending a message to the master node comprising the estimated time information value;
receiving, from the master node, an authorization of transmission of the block of data from the slave node to the master node, the authorization of transmission scheduling an access time for transmitting the block of data, wherein the scheduled access time depends on the estimated time information value and wherein the estimating of the value of the time information by the slave node is performed prior the receiving of the authorization of transmission from the master node; and
transmitting the block of data from the slave node to the master node during the scheduled access time after the receiving of the authorization of transmission of the block of data.

US Pat. No. 10,250,687

VEHICLE REMOTE OPERATION INFORMATION PROVISION DEVICE, VEHICLE-MOUNTED REMOTE OPERATION INFORMATION ACQUISITION DEVICE, AND VEHICLE REMOTE OPERATION SYSTEM COMPRISING THESE DEVICES

TOYOTA JIDOSHA KABUSHIKI ...

17. A vehicle remote operation system, comprising:
a vehicle remote operation information provision device that provides various information pieces relating to a remote operation for a vehicle requested by a user of the vehicle; and
a vehicle-mounted remote operation information acquisition device that is mounted on the vehicle for acquiring the various information pieces from the vehicle remote operation information provision device, wherein
the vehicle remote operation information provision device includes at least one processor configured to:
acquire remote operation request information indicating a request of a remote operation for the vehicle by the user of the vehicle;
transmit access request information to the vehicle-mounted remote operation information acquisition device based on the acquired remote operation request information, the access request information including information for use by the vehicle-mounted remote operation information acquisition device to access a connection destination for prompting provision, to the vehicle-mounted remote operation information acquisition device, of command information indicating a remote operation command for realizing the remote operation requested by the user of the vehicle; and
provide the command information to the vehicle-mounted remote operation information acquisition device according to the access from the vehicle-mounted remote operation information acquisition device,
the vehicle-mounted remote operation information acquisition device includes an ECU configured to:
acquire the transmitted access request information; and
access the connection destination based on the acquired access request information to acquire the command information from the connection destination,
the vehicle remote operation information provision device and the vehicle-mounted remote operation information acquisition device each include a communication interface that realize indirect communication with each other through a predetermined network or direct communication with each other,
the at least one processor and the ECU transmit and receive the access request information by using the indirect communication by the communication interface, and
the at least one processor and the ECU transmit and receive the command information by using the direct communication by the communication interface.

US Pat. No. 10,250,686

FINDING ALTERNATE STORAGE LOCATIONS TO SUPPORT FAILING DISK MIGRATION

INTERNATIONAL BUSINESS MA...

1. A computing device comprising:
an interface configured to interface and communicate with a dispersed or distributed storage network (DSN);
memory that stores operational instructions; and
processing circuitry operably coupled to the interface and to the memory, wherein the processing circuitry is configured to execute the operational instructions to:
detect a potentially adverse storage issue with a memory device of a storage unit (SU) of one or more sets of storage units (SUs) within the DSN, wherein a data object is segmented into a plurality of data segments, wherein a data segment of the plurality of data segments is dispersed error encoded in accordance with dispersed error encoding parameters to produce a set of encoded data slices (EDSs) that are distributedly stored within the one or more sets of storage units SUs within the DSN, wherein the potentially adverse storage issue is based on at least one of predicted failure of the memory device, an age of the memory device being greater than or equal to a maximum age threshold level, or an indication that the memory device is failing;
determine whether to transfer at least one EDSs of the set of EDSs that is associated with the memory device of the SU of the one or more sets of SUs within the DSN to another memory device of the SU of the one or more sets of SUs within the DSN for temporary storage therein;
based on a determination not to transfer the at least one EDSs of the set of EDSs that is associated with the memory device of the SU of the one or more sets of SUs within the DSN to the another memory device of the SU of the one or more sets of SUs within the DSN for temporary storage therein, identify at least one alternate storage location within the DSN to store temporarily the at least one EDSs of the set of EDSs that is associated with the memory device of the SU of the one or more sets of SUs within the DSN;
facilitate transfer of the at least one EDSs of the set of EDSs that is associated with the memory device of the SU of the one or more sets of SUs within the DSN to the at least one alternate storage location within the DSN for temporary storage therein; and
based on detection that the potentially adverse storage issue with the memory device of the SU of the one or more sets of SUs within the DSN has subsided, facilitate transfer of the at least one EDSs of the set of EDSs from the at least one alternate storage location within the DSN back to the memory device of the SU of the one or more sets of SUs within the DSN.

US Pat. No. 10,250,685

CREATING LAYER 2 EXTENSION NETWORKS IN A HYBRID CLOUD COMPUTING SYSTEM

VMWARE, INC., Palo Alto,...

1. A computer-implemented method of creating a stretched network, comprising:
deploying a first virtual computing instance in a first computing system and a corresponding second virtual computing instance in a second computing system;
establishing one or more tunnels between the first virtual computing instance and the second virtual computing instance;
connecting a first network interface of the first virtual computing instance to a first network in the first computing system via a first port which is configured as a sink port;
connecting a second network interface of the second virtual computing instance to a second network in the second computing system via a second port which is configured as a sink port;
configuring the first virtual computing instance to bridge the first network interface and the one or more tunnels; and
configuring the second virtual computing instance to bridge the second network interface and the one or more tunnels.

US Pat. No. 10,250,684

METHODS AND SYSTEMS FOR DETERMINING PERFORMANCE CAPACITY OF A RESOURCE OF A NETWORKED STORAGE ENVIRONMENT

NETAPP, INC., Sunnyvale,...

1. A method, comprising:
retrieving by a processor, performance data associated with a resource used in a networked storage system for reading and writing data at a storage device, where the performance data includes latency data indicating workload request processing delay, utilization data indicating resource utilization and a service time for processing workload requests;
transforming by the processor the retrieved performance data by removing any performance data beyond a threshold service time and using historically performance data within a threshold variation supplementing the retrieved performance data;
using the transformed performance data for generating by the processor a first portion of a relationship between latency and utilization by an observation based technique using a utilization bin value indicating similar utilization values for the resource and generating a second portion of the relationship by a model based technique using a queuing model;
determining by the processor available performance capacity of the resource based on a difference between optimum utilization of the resource indicated by the relationship, and actual utilization of the resource based on an operational point defined by a service level objective for a client; wherein the difference is compared to the optimum utilization to generate a determined performance capacity value;
storing by the processor, the determined performance capacity value in a data structure for future analysis; and
reconfiguring one or more resources of the networked storage system, based on the determined available performance capacity value for managing resource usage in the networked storage system.

US Pat. No. 10,250,683

SERVER NODE ARRANGEMENT AND METHOD

GURULOGIC MICROSYSTEMS OY...

1. A server node arrangement comprising:
a plurality of nodes,
the plurality of nodes of the server node arrangement are coupled via a communication network to a plurality of source devices of input data, and to one or more output devices, wherein the plurality of nodes of the server node arrangement are operable to receive data content from the plurality of source devices of input data, and to process the data content for supplying to the one or more output devices,
the plurality of nodes of the server node arrangement are operable to host one or more processes which are operable to:
determine a form which is compatible to a native data rendering format of the one or more output devices, wherein the form includes a native resolution of the one or more output devices, and
process the data content into the determined form and into the native resolution of the one or more output devices,
each of the one or more output devices is operable to render the data content from the plurality of source devices of input data simultaneously and without scaling the processed data content; and
the plurality of nodes of the server node arrangement are operable to supply the processed data content to the one or more output devices in a manner compatible with a region-of-interest (ROI) of the one or more output devices;
wherein the one or more output devices are operable to define in a message to the plurality of nodes of the server node arrangement one or more parameters which define one or more native formats in which the one or more output devices require their data content to be supplied from the server node arrangement;
wherein the plurality of nodes of the server node arrangement are operable to store data content from the one or more source devices of input data in its original resolution, and supply the data content to the one or more output devices in a format which is compatible with a native format of the one or more output devices;
wherein the plurality of nodes of the server node arrangement are operable to process data content there through in a manner allowing for dynamically-changeable image rescaling in response to user input at the one or more output devices.

US Pat. No. 10,250,682

METHOD OF STORING DATA

AKER SOLUTIONS LIMITED, ...

1. A method of sharing data in a subsea network comprising a plurality of nodes interconnected by a plurality of data connections arranged to carry data to and from equipment in subsea installations, the method comprising:
storing data in a mass subsea data store provided across a plurality of nodes in the subsea network configured to act as a subsea data server; and
on receiving, at any node of the subsea data server, a request for access to data stored in the mass subsea data store provided across the plurality of nodes, the subsea data server retrieving the requested data from the data store and causing the requested data to be sent over the subsea network to the intended recipient;
wherein the plurality of nodes in the subsea network providing the mass subsea data store are subsea electronics modules for use in a subsea installation; and
wherein the mass subsea data store is a distributed data store across mass storage provided by plural co-operating subsea electronics modules.

US Pat. No. 10,250,681

OPTIMIZATION OF A MULTI-CHANNEL SYSTEM USING A FEEDBACK LOOP

Google LLC, Mountain Vie...

1. A system comprising:
a third-party content corpus database that stores information for various content that are available to be distributed to client devices; and
a distributed computing environment, including multiple computing devices and a feedback loop wherein the distributed computing environment interacts with the third-party content corpus database and performs operations comprising:
distributing content over multiple different online channels using a same reference distribution amount specified by a provider of the content for distribution over the multiple different online channels, wherein the feedback loop is configured to obtain feedback about the distributions and adjust a transmission of content over the multiple different online channels by adjusting a selection value used to distribute content over the multiple different online channels;
receiving, through the feedback loop and for multiple different distributions of the content over the multiple different online channels, an observed distribution amount required for distribution of the content to client devices over the multiple different online channels;
determining, based on the observed distribution amount received through the feedback loop, a realized distribution amount for the multiple different distributions across the multiple different online channels;
adjusting the selection value for the multiple different online channels based on a difference between the realized distribution amount and the same reference distribution amount specified by the provider of the content; and
distributing the content over the multiple different online channels using the adjusted maximum selection value.

US Pat. No. 10,250,680

GATEWAY MANAGEMENT USING VIRTUAL GATEWAYS AND WILDCARDS

SYSTECH CORPORATION, San...

1. A system comprising a server that comprises:
at least one hardware processor; and
a memory storing one or more software modules that, when executed by the at least one hardware processor,
generate a virtual gateway which comprises a representation of each of one or more active scripts stored on at least one remote physical gateway, wherein the at least one remote physical gateway is communicatively connected with one or more external devices, and wherein the one or more active scripts stored on the at least one remote physical gateway and represented in the virtual gateway are configured to monitor or control the one or more external devices,
automatically maintain synchronization, across at least one network, between the one or more active scripts represented in the virtual gateway and the one or more active scripts stored on the at least one remote physical gateway,
detect a failure of the at least one remote physical gateway, and,
in response to the failure of the at least one remote physical gateway, locally execute the one or more active scripts represented in the virtual gateway at the server, in place of the one or more active scripts stored on the at least one remote physical gateway to monitor or control the one or more external devices.

US Pat. No. 10,250,679

ENABLING SNAPSHOT REPLICATION FOR STORAGE

EMC IP Holding Company LL...

1. A system comprising:
one or more processors;
computer-executable logic operating in memory, wherein the computer-executable program logic enables execution across the one or more processor of:
splitting IO directed to a LUN on a production site to a first thin LUN;
determining to take a snapshot of the LUN at a point in time;
reconfiguring the IO split from the LUN on the production site to be split to a second thin LUN, wherein the first and second thin LUNs are enabled to change size according to an amount of IO split to them, respectively; and
copying changes from the first thin LUN to a protection storage device.

US Pat. No. 10,250,678

HYBRID MODES FOR PEER DISCOVERY

QUALCOMM Incorporated, S...

1. A method for wireless communication, comprising:
performing, by a device, a first peer discovery autonomously for detecting at least one other device, the first peer discovery performed during at least one peer discovery cycle, wherein the performing of the first peer discovery autonomously comprises sending a peer detection signal during the at least one peer discovery cycle at a first rate by the device; and
performing, by the device, a second peer discovery with network assistance for detecting the at least one other device, the second peer discovery performed during the at least one peer discovery cycle, wherein the performing the second peer discovery comprises:
sending a peer discovery request including at least one of a service identifier or a device identifier that the device desires to detect;
receiving a second peer discovery request from the at least one other device; and
sending the peer detection signal at a rate faster than the first rate by the device in response to the second peer discovery request, wherein the second peer discovery request is received and the peer detection signal is sent at the faster rate for a predetermined period of time, wherein one or more of the sending of the peer detection signal or the sending of the peer discovery request is initiated based on a change in serving cells by the device and sent via the network.

US Pat. No. 10,250,677

DECENTRALIZED NETWORK ADDRESS CONTROL

CyberArk Software Ltd., ...

1. A non-transitory, computer-readable medium containing instructions that, when executed by at least one processor, cause the at least one processor to perform operations for decentralized load balancing for a plurality of network resources, in a system allowing for load balancing decisions that are decentralized among the plurality of network resources, the operations comprising:
determining, by a first decentralized load balancing application associated with a first network resource, a load characteristic for the first network resource;
receiving at the first decentralized load balancing application, from a second decentralized load balancing application associated with a second network resource, a load characteristic for the second network resource;
determining, by at least the first decentralized load balancing application and based on the load characteristics for the first network resource and second network resource, that network traffic should be received by the first network resource;
sending, based on the determination that network traffic should be received by the first network resource, a report to a network address resolution resource, the report being configured to cause the network address resolution resource to send the network traffic to the first network resource;
wherein the network address resolution resource is configured to also receive reports from the second load balancing application, and wherein both the first network resource and the second network resource are each associated with a common network resource name; and
receiving, from a client that has identified the common network resource name and been directed to the first network resource by the network address resolution resource, a communication directed to the first network resource.

US Pat. No. 10,250,676

MODULAR DEVICE AND METHOD OF OPERATION

Arch Systems Inc., Mount...

1. A method for device operation, the device including a control tile connected to a plurality of tiles physically distinct from the control tile, the method comprising:
operating each tile of the plurality based on a respective set of operation settings associated with the respective tile;
writing tile output values from the tiles into a common circular buffer stored by the control tile in order of arrival;
monitoring the circular buffer for a trigger event with a virtual monitor executed by the control tile;
incrementally stepping through the circular buffer with a reading module that selectively reads the tile output values satisfying a tile output parameter associated with the trigger event; and
at the device, determining a processing function output by processing, according to a processing function associated with the trigger event, the tile output values read by the reading module;
wherein the control tile stores a graph data structure defining device operation, the graph data structure comprising an edge and a node, the edge associated with the trigger event and the tile output parameter, the node associated with the processing function.

US Pat. No. 10,250,675

POSTING THE SAME RESPONSE FOR DUPLICATED CONTENT

INTERNATIONAL BUSINESS MA...

1. A method, comprising:
detecting a first instance of a response, generated by a user, posted in a first social networking service, the first instance of the response responding to a first instance of first content shared with the user in the first social networking service;
responsive to detecting the first instance of the response, generated by the user, posted in the first social networking service, storing to a functional data structure a record including a first identifier identifying the response and at least a second identifier identifying the first instance of the first content;
detecting a second instance of the same first content being shared with the user in the first social networking service or a second social networking service, wherein detecting the second instance of the first content being shared with the user in the first social networking service or the second social networking service comprises determining that a third identifier identifying the second instance of the first content matches the first identifier identifying the first instance of the first content; and
responsive to detecting the second instance of the same first content being shared with the user, automatically posting, using a processor, a second instance of the response, the second instance of the response responding to the second instance of the first content on behalf of the user.

US Pat. No. 10,250,674

RADIO ACCESS METHOD, APPARATUS, AND SYSTEM FOR IMPLEMENTING MUTUAL TRANSMISSION AND PROCESSING OF COLLABORATIVE DATA BETWEEN SITES

Huawei Technologies Co., ...

1. A radio access method for implementing a cloud radio access network (RAN) architecture that includes digital processing units (DUs) deployed in sites of an evolved universal terrestrial radio access network (E-UTRAN) architecture, the method comprises:
receiving, by a switching device, first and second data packets sent by first and second DUs, respectively, in respective first and second sites, wherein the DUs support the E-UTRAN architecture;
determining, by the switching device, to send the first data packet to the second DU in the second site for collaborative processing that involves mutual transmission and processing of collaborative data between the first and second DUs,
wherein the determination is based on a routing policy at the switching device for implementing the cloud RAN architecture based on the DUs arranged to support the E-UTRAN architecture; and
sending, by the switching device, the first and second data packets to the second DU, so that the second DU performs collaborative processing on the first and second data packets,
wherein the first and second data packets are of a same data type comprising layer 2 (L2) scheduling data, hard bit data, frequency-domain in-phase-quadrature (IQ) data and time-domain IQ data.

US Pat. No. 10,250,673

STORAGE WORKLOAD MANAGEMENT USING REDIRECTED MESSAGES

Amazon Technologies, Inc....

1. A system, comprising:
one or more computing devices configured to:
determine, based on a plurality of requests of a storage workload at a first client-side component of a multi-tenant network-accessible storage service presenting a block-level programmatic interface, a metric associated with at least the plurality of requests of the storage workload directed from the first client-side component towards one or more storage servers during a particular time interval, wherein the storage workload includes block-level storage requests from one or more applications to block-level storage hosted by the one or more storage servers, and wherein the first client-side component is configured to communicate the block-level storage requests over one or more respective data-plane communication channels between the first client-side component and the one or more storage servers;
transmit the metric from the first client-side component to a particular storage server via a pre-existing data-plane communication channel created between the first client-side component and the particular storage server;
identify, at the particular storage server in accordance with a metric distribution policy, a second client-side component of the storage service to which the metric is to be propagated;
transmit the metric from the particular storage server to the second client-side component using a different pre-existing data-plane communication channel created between the second client-side component and the particular storage server; and
reschedule, at the second client-side component, based at least in part on an analysis of one or more workload metrics including the metric determined at the first client-side component, transmission of one or more storage requests to the one or more storage servers from the second client-side component.

US Pat. No. 10,250,672

METHOD AND SYSTEM FOR CONTROLLED DISTRIBUTION OF INFORMATION OVER A NETWORK

Facebook, Inc., Menlo Pa...

1. A method comprising:
by one or more computer servers associated with an information management and distribution system, receiving a request from a user for a profile page associated with the information management and distribution system, the profile page permitting the user to supply information about the user that may be shared with other users of the information management and distribution system;
by the one or more computer servers, after sending the profile page to the user, receiving profile information for the user that was entered into the profile page;
by the one or more computer servers, in response to receiving the profile information and determining that the user has not previously registered with the information management and distribution system, generating a personal identifier, the personal identifier being a unique identifier associated with the user;
by the one or more computer servers, storing the personal identifier in association with the profile information for the user; and
by the one or more computer servers, sending the personal identifier to a client device of the user in association with a response to the request-request; and by the one or more computer servers, receiving the personal identifier during user profile exchange operations with one or more other users of the information management and distribution system; wherein the response comprises information to download an application to the client device.

US Pat. No. 10,250,671

P2P-BASED FILE TRANSMISSION CONTROL METHOD AND P2P COMMUNICATION CONTROL DEVICE THEREFOR

SK TELECOM CO., LTD., Se...

1. A P2P-based file transmission control method performed by a peer-to-peer (P2P) communication control device, the method, implemented by one or more processors comprised in the P2P communication control device, comprising:
controlling, by the P2P communication control device disposed between a client device and a peer management device in a communication network, the P2P-based file transmission to modify a peer list without intervention of the client device or the peer management device by selectively collecting a peer list request message having an address of the peer management device as a destination;
wherein the controlling comprises
receiving, instead of the peer management device, the peer list request message transmitted to the peer management device by the client device;
sending, instead of the client device, a request for the peer list for a shared file to the peer management device;
receiving the peer list from the peer management device;
modifying the received peer list in accordance with a communication environment of the client device; and
providing the modified peer list to the client device,
wherein the receiving of the peer list request message includes
receiving a request message having the address of the peer management device as the destination;
filtering the packet having the address of the peer management device as a destination,
wherein the receiving of the peer list request message further includes
checking whether a destination address of the received message is identical with the address of the peer management device, and
returning a non-identical message to the communication network.

US Pat. No. 10,250,670

STREAMING ZIP

Apple Inc., Cupertino, C...

1. A method comprising:
at a server device:
initiating a transmission of a streamable ZIP file container to a client device via a network connection, wherein the streamable ZIP file container includes a plurality of files;
receiving an indication that the transmission of the streamable ZIP file container is interrupted, wherein the indication indicates at least one of (i) an initial portion of the plurality of files included in the streamable ZIP file container was received by the client device or (ii) a remaining portion of the plurality of files included in the streamable ZIP file container is to be transmitted to the client device; and
in response to receiving a resume transmission instruction:
establishing a resumption point, wherein the resumption point is a predefined checkpoint disposed at a boundary between a first file and a second file of the plurality of files, and
transmitting the remaining portion of the plurality of files, in accordance with the resumption point, to the client device via the network connection.

US Pat. No. 10,250,669

FILE TRANSFERRING METHOD AND DEVICE THROUGH WI-FI DIRECT

1. A method for sending files through Wireless Fidelity (Wi-Fi) Direct, comprising:
obtaining, by a transmitting end, a multimedia attribute of a file to be transferred after the file to be transferred is determined to be transferred to a receiving end; and
sending, by the transmitting end, the obtained multimedia attribute before sending the file to be transferred to the receiving end,
wherein the multimedia attribute indicates the receiving end to judge whether to support the file to be transferred,
wherein if the multimedia attribute of the file to be transferred is in a supporting capability list supported by the receiving end, it is indicated that the type of the file to be transferred is supported by the receiving end;
if the multimedia attribute of the file to be transferred is not in the supporting capability list supported by the receiving end, it is indicated that, the type of the file to be transferred is not supported by the receiving end;
wherein the multimedia attribute of the file:
includes content that describes the type of file being transferred and at least one or more operational requirements for processing the file on the receiving end;
is carried in a signaling or message exchange between the transmitting end and the receiving end, and the multimedia attribute of the file is taken as a plurality of fields and appended in any existing protocol data unit (PDU) used for exchange; and
is transferred by the message exchange between the transmitting end and the receiving end;
wherein the supporting capability list describes one or more types of files supported by the receiving end and at least one or more operational capabilities required for processing the file on the receiving end.

US Pat. No. 10,250,668

COMMUNICATION APPARATUS, CONTROL METHOD THEREOF, AND STORAGE MEDIUM

CANON KABUSHIKI KAISHA, ...

1. A communication apparatus comprising:
a network I/F that receives a packet transmitted from an external apparatus on a network;
a memory that stores programs;
a processor that executes the programs to:
set an IP address of the communication apparatus, based on a first setting packet received by the network interface (I/F) and for which a media access control (MAC) address of the network I/F is specified as a destination MAC address,
wherein, in a case where after the network I/F receives the first setting packet, the network I/F receives a second setting packet for which the MAC address of the network I/F is specified as the destination MAC address without receiving a non-setting packet for which the MAC address of the network I/F is specified as the destination MAC address, the processor performs a setting of the IP address of the communication apparatus based on the second setting packet, and
in a case where after the network I/F receives the first setting packet, the network I/F receives of the communication apparatus the second setting packet, the processor does not performed the setting of the IP address of the communication apparatus based on the second setting packet.

US Pat. No. 10,250,667

MULTI-DOMAIN CONFIGURATION HANDLING IN AN EDGE NETWORK SERVER

Akamai Technologies, Inc....

1. A computer program product in a non-transitory computer-readable medium comprising computer program instructions executable in one or more hardware processors, the computer program instructions comprising:
a network-accessible provisioning portal operated by a first party, the provisioning portal receiving data, the data having been entered by a second party customer of the first party to provision, for handling by the first party, a digital property that is associated with a set of third party domain names, the third party domain names being associated with one or more third party customers of the second party that are not customers of the first party;
one or more server processes operated by the first party, wherein a server process receives from the provisional portal a configuration file associated with the digital property; and
the server process being further configured to receive a request having a header associated therewith, the header including a value and, in response: determining whether the value in the header is recognized as a second party domain, performing a Domain Name System (DNS) query on the value when the value in the header is not recognized as a second party domain, receiving a Canonical Name (CNAME) chain in response to the DNS query, analyzing the CNAME chain to determine whether a predetermined pattern is recognized, the predetermined pattern being associated with the digital property, and using the predetermined pattern to attempt to locate the configuration file associated with the digital property when the predetermined pattern is recognized.

US Pat. No. 10,250,666

SYSTEMS AND METHODS FOR DASHBOARD IMAGE GENERATION

Dundas Data Visualization...

1. A method for generating a static image of an interactive dashboard for viewing on a remote computing device, the method comprising:
receiving a dashboard request, the dashboard request comprising data identifying the interactive dashboard and data specifying a state for one or more dashboard filters to be applied to the interactive dashboard;
in response to receiving the dashboard request:
transmitting, to an image generator, a dashboard image request corresponding to the dashboard request, the image generator comprising an image generation service and an instance of an image generation client application; and
receiving, from the instance of the image generation client application, at least one query parameter corresponding to the dashboard image request;
in response to receiving the at least one query parameter:
deriving one or more key performance indicator values from business data stored in a business database; and
transmitting the one or more key performance indicator values to the instance of the image generation client application, the instance of the image generation client application rendering the interactive dashboard and generating an image data file comprising a static image of the rendered interactive dashboard in response to receipt of the one or more key performance indicator value;
receiving, from the instance of the image generation client application, the image data file comprising the static image of the interactive dashboard; and
transmitting the image data file to the remote computing device.

US Pat. No. 10,250,665

DISTRIBUTION CONTROL SYSTEM, DISTRIBUTION SYSTEM, DISTRIBUTION CONTROL METHOD, AND COMPUTER-READABLE STORAGE MEDIUM

Ricoh Company, Limited, ...

1. A distribution control system, the distribution control system configured to communicate with a plurality of communication terminals, a terminal management system for managing the plurality of communication terminals, and at least one cloud web server through a communication network and configured to transmit real-time video and/or sound data to the plurality of communication terminals through the communication network, the distribution control system comprising:
a storage device having at least two types of web browsers installed thereon, the two types of web browsers including at least a public web browser configured to allow information to be open to other users, and a private web browser configured to restrict information to only a requesting user; and
at least one processor configured to execute computer readable instructions to,
receive a request to start a web browser from the terminal management system,
determine which of the at least two types of web browsers to start based on whether the request includes personal information,
start one of the two types of web browsers in response to the request and results of the determination,
obtain web content data from the at least one cloud web server using the started web browser,
calculate a transmission delay time that indicates a period of elapsed time from a point when transmission data is transmitted from the distribution control system to each of the plurality of communication terminals to a point when the transmission data is received,
calculate a frame rate and data resolution of the transmission delay time based on the transmission delay time and size of the transmission data,
generate the real-time video and/or sound data by rendering the web content data from the at least one cloud web server based on the calculated frame rate and data resolution,
multicast the generated real-time video and/or sound data to the plurality of communication terminals when the started web browser is the public web browser, and
transmit the generated real-time video and/or sound data to only a first communication terminal of the plurality of communication terminals when the started web browser is the private web browser,
wherein the transmission delay time is calculated by (t0+Δ)-T0, where t0 indicates a point in time at a communication terminal when the communication terminal receives transmission data transmitted from the distribution control system, T0 indicates a point in time when the transmission data is transmitted from the distribution control system to the communication terminal, and Δ indicates a time difference between the distribution control system and the communication terminal,
wherein the time difference is based on information indicating a time when the communication terminal transmits a request for time information to the distribution control system (ts), information indicating a time when the distribution control system receives the request for time information (Tr), information indicating a time when the distribution control system transmits a response to the request (Ts), and information indicating a time when the communication terminal receives the response (tr), and
wherein the time difference is further based on a difference between a first function and a second function, the first function including a sum of Tr and Ts, the second function including a sum of ts and tr.

US Pat. No. 10,250,664

PLACESHIFTING LIVE ENCODED VIDEO FASTER THAN REAL TIME

SLING MEDIA LLC, Foster ...

1. A method executable by a placeshifting device to encode a media stream for placeshifting to a remote media player via a network, the method comprising:
encoding the media stream by the placeshifting device;
transmitting the media stream from the placeshifting device to the remote media player via the network for playback of the media stream by the remote media player, wherein the encoding and transmitting of the media stream occur concurrently so that the media stream is a live encoded media stream;
monitoring delivery of the media stream via the network by the placeshifting device to determine a decoding capacity of the remote media player; and
while the media stream is being transmitted to the remote media player via the network, the placeshifting device adapting the encoding of the media stream in response to the monitoring, wherein the adapting comprises changing an encoding quality of the media stream based upon the decoding capacity of the remote media player so that the media stream is delivered to the remote media player at a rate that is faster than a real time playback rate of the remote media player.

US Pat. No. 10,250,663

GATEWAY STREAMING MEDIA TO MULTIPLE CLIENTS IN ACCORDANCE WITH DIFFERENT STREAMING MEDIA PROTOCOLS

ARRIS Enterprises LLC, S...

1. A method for delivering two or more concurrent streaming media sessions to client devices, comprising:
receiving a request from a client device to establish a new streaming media session while one or more ongoing streaming media sessions is in progress;
determining if resources are available to fulfill the request; and
when one or more resources needed to fulfill the request are unavailable because of one or more ongoing streaming media sessions, responding to the request in accordance with a pre-established prioritization scheme that gives priority to either delivery of a total number of concurrent streaming media sessions or a quality level of the concurrent streaming media sessions being delivered,
wherein the pre-established prioritization scheme prioritizes the total number of concurrent streaming media sessions over the quality level of the concurrent streaming media sessions and further comprising limiting at least one of the ongoing streaming media sessions or the new streaming media session to be established to a quality level that allows the request to be fulfilled and which is less than a maximum available quality level,
wherein the streaming media session being limited in quality is streamed to a given client device in accordance with an adaptive streaming protocol and further comprising sending a manifest to the given client device for a media stream having a quality level that does not exceed a quality level that allows the request to be fulfilled, and
wherein sending the manifest to the given client device includes receiving from the given client device a request for a manifest Uniform Resource Identifier (URI) for a media stream having a quality level that exceeds the quality level that allows the request to be fulfilled and rerouting the request to another manifest URI for the media stream having a quality level that does not exceed the quality level that allows the new request to be fulfilled.

US Pat. No. 10,250,662

AGGREGATING STREAMS MATCHING A QUERY INTO A SINGLE VIRTUAL STREAM

EMC IP Holding Company LL...

1. A computer-implemented method performed by a server, comprising:
determining a plurality of data streams active on the server that match a query received from a client device;
generating a virtual stream comprising data received from the plurality of data streams;
transmitting to the client device, a unique identifier and one or more routing keys for the virtual stream and one or more segments of data of the virtual stream;
detecting that a flow rate of data segments received by the virtual stream has increased above a first threshold amount;
notifying the client device to add one or more consumers to process the virtual stream; and
increasing a number of partitions of the virtual stream by at least one partition, in response to receiving notice from the client device that the client device has added at least one consumer to process the virtual stream.

US Pat. No. 10,250,661

METHOD OF CONTROLLING A REAL-TIME CONFERENCE SESSION

1. A communication apparatus for controlling a real-time conference session comprising
a media processing unit communicatively connectable to a first communication terminal of a first user and a second communication terminal of a second user, the media processing unit configured to allow a conference session to comprise a passive mode of the first user, wherein the data is received at and transmitted by the first communication terminal as passive data but not received by the second communication terminal, and an active mode of the first user, wherein the data is received and transmitted by the first communication terminal and received by the second communication terminal as active data;
the communication apparatus configured to perform switching from the passive mode to the active mode at a switching point-in-time, wherein after the switching a first duration of the passive data of the first user, the first duration ending at or starting from the switching point-in-time, is left to be transmitted to the second user;
the communication apparatus configured to record the first duration of the passive data and a second duration of the active data of the first user, the second duration starting from the switching point-in-time;
the communication apparatus configured to replay the recorded first duration of the passive data and the recorded second duration of the active data to the second user via the second communication terminal after switching, the replaying starting from the switching point-in-time; and
the communication apparatus configured to switch-off of recording and starting to transmit the data of the first user in real-time to the second communication terminal of the second user, when a synchronization delay between a first end of the second duration of the active data of the first user during recording and a second end of the replayed second duration of the active data after recording is equal or smaller than a predetermined duration.

US Pat. No. 10,250,660

METHOD, SYSTEM AND APPARATUS FOR THE TRANSMISSION AND ADAPTION OF DATA

1. A communication system comprising:
a server computer device having non-transitory memory connected to at least one processor, the server computer device being connectable to at least one terminal device;
the server computer device being configured to distribute data from the server computer device to the terminal device via a content aware layer and transport aware layer of a network transport layer,
the transport aware layer being configured to obtain information regarding network connectivity between the terminal device and the server computer device;
the content aware layer being configured to determine requirements of the terminal device requesting the data from the server computer device;
wherein the transport layer is configured to provide network description information to a decision manager of the server computer device for networks about which at least one communication link to the terminal device is formable to transport the data from the server computer device to the terminal device;
wherein the content aware layer is configured to determine requirements for the data of an application running on the terminal device requesting the data;
the decision manager being configured to match requirements of the application with network connectivity information of the network description information to select at least one first network about which to transmit the data to the terminal device;
wherein the transport aware layer is configured to select at least one access point of the at least one first network selected by the decision manager for the transport of the data from the server computer device to the terminal device about at least one first communication link to be established between the server computer device and the terminal device via the selected at least one first network;
wherein the transport aware layer is configured to detect a failure in the selected at least one first network about which the data is being transported from the server computer device to the terminal device;
the decision manager is configured to select at least one second network about which the data is to be transported from the server computer device to the terminal device in response to the detected failure of the selected at least one first network; and
the transport aware layer is configured to select at least one access point of the selected at least one second network for establishment of at least one second communication link about which the data is to be transmitted from the server computer device to the terminal device in response to the selection of the at least one second network by the decision manager.

US Pat. No. 10,250,659

CONTEXTUALLY AWARE CLIENT BUFFER THRESHOLDS

MobiTV, Inc., Emeryville...

1. A computing device comprising:
a memory module storing a buffer, the buffer having associated therewith a plurality of thresholds including a first data threshold and a second data threshold, the second data threshold being greater than the first data threshold;
a communications interface configured to receive first media stream data associated with a media stream from a remote server via a network and store the received first media stream data in the buffer, wherein the first media stream data encodes the media stream at a first quality level;
a media presentation component configured to present the media stream at the computing device when the first media stream data stored in the buffer reaches the first threshold; and
a processor configured to transmit a first message to the remote server via the communications interface when the first media stream data stored in the buffer reaches the second threshold, wherein the first message includes a request to transmit second media stream data associated with the media stream, and wherein the second media stream data encodes the media stream at a second quality level, wherein the processor is further configured to establish a modified buffer having a modified playback threshold higher than the first data threshold.

US Pat. No. 10,250,658

HYBRID MEDIA STREAM DELIVERY USING MULTIPLE NETWORK CONNECTIONS

THE DIRECTV GROUP, INC., ...

1. A method comprising:
receiving, from a destination device, a request for data to be delivered to the destination device over one of a network pathway or a satellite pathway;
determining a first cost of transmission of the data over the network pathway to the destination device;
determining a second cost of transmission of the data over the satellite pathway to the destination device;
determining a least costly pathway for transmission of the data between the network pathway and the satellite pathway using the first cost and the second cost; and
transmitting the data over the least costly pathway of the network pathway and the satellite pathway to a device associated with the destination device, wherein the data is passed directly by the device to the destination device when the data is transmitted over the network pathway, and wherein the data is removed from at least one first transport packet container, added to at least one second transport packet container associated with transport packet containers received over the network pathway, and passed to the destination device in the at least one second transport packet container by the device when the data is transmitted over the satellite pathway.

US Pat. No. 10,250,657

STREAMING MEDIA OPTIMIZATION

Amazon Technologies, Inc....

1. A system, comprising:
at least one client computing device comprising:
a memory having a buffer; and
a processor, the processor of the at least one client computing device being configured to at least:
monitor an amount of network bandwidth available to the at least one client computing device;
receive a plurality of media blocks from a media server, the plurality of media blocks being part of a media stream for a media item;
store the plurality of media blocks in the buffer;
detect an increase in network bandwidth available to the at least one client computing device;
responsive to detecting the increase in network bandwidth available to the at least one client computing device and concurrently with receiving an additional part of the media stream, select a stored media block in the buffer, the stored media block being part of the media stream for the media item;
obtain a replacement media block for the stored media block, the replacement media block corresponding to a portion of the media item encoded within the stored media block, wherein a quality level of the replacement media block is chosen based on the increase in network bandwidth and is greater than the quality level of the stored media block; and
replace, after obtaining the replacement media block, the stored media block in the buffer with the replacement media block prior to a rendering of the stored media block.

US Pat. No. 10,250,656

SYSTEMS AND METHODS FOR GENERATING, PROVIDING, AND RENDERING QUICK LOAD ARTICLES

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:
transmitting, by a computing system, a quick load article request identifying a quick load article;
receiving, by the computing system, one or more media content elements associated with the quick load article, the one or more media content elements comprising a first quick load embedded web content element; and
rendering, by the computing system, the quick load article, wherein
the first quick load embedded web content element comprises
embedded web content element information identifying a first embedded web content element, and
snapshot information identifying a first snapshot associated with the first embedded web content element, and
the rendering the quick load article comprises rendering the first snapshot within the quick load article in place of the first embedded web content element.

US Pat. No. 10,250,654

METHOD AND APPARATUS FOR TRANSCEIVING DATA PACKET FOR TRANSMITTING AND RECEIVING MULTIMEDIA DATA

Samsung Electronics Co., ...

1. A transmitting apparatus, comprising:
a transceiver; and
a processor configured to control the transceiver to transmit a data packet including a packet header and a packet payload,
wherein the packet payload includes a payload header and a fragment of a data unit or at least one complete data unit, and the payload header includes fragmentation information and a fragment indicator,
wherein the fragmentation information includes information about a number of at least one packet payload including at least one fragment of the data unit succeeding the packet payload,
wherein the fragment indicator includes one of a first value indicating that the packet payload includes a first fragment of the data unit, a second value indicating that the packet payload includes a fragment of the data unit that is neither the first fragment nor a last fragment of the data unit, and a third value indicating that the packet payload includes the last fragment of the data unit,
wherein the packet header including a packet identifier, a sequence number, and a timestamp,
wherein the packet identifier includes information to identify an asset related to the data packet,
wherein the sequence number includes information to identify at least one data packet that has the packet identifier, and
wherein the timestamp includes time information for the data packet.

US Pat. No. 10,250,653

PROXIMITY SERVICE SIGNALING PROTOCOL FOR MULTIMEDIA BROADCAST MULTICAST SERVICE OPERATIONS

Qualcomm Incorporated, S...

1. A method for wireless communication, comprising:
receiving a discovery message broadcast from at least one ProSe relay wireless device;
identifying, by a first wireless device, a group identity parameter associated with a multicast transmission of multimedia content;
determining that the discovery message comprises an indication of whether the at least one ProSe relay wireless device supports the multicast transmission of multimedia content associated with the group identity parameter;
sending a temporary mobile group identity (TMGI) monitor request that comprises the group identity parameter;
receiving, in response to the TMGI monitor request, a response from the at least one first ProSe relay wireless device, wherein the response comprises an identification parameter associated with the at least one ProSe relay wireless device;
mapping the identified group identity parameter to the identification parameter; and
receiving, subsequent to the determining, the multicast transmission of the multimedia content via the at least one ProSe relay wireless device based on the mapping of the identified group identity parameter to the identification parameter.

US Pat. No. 10,250,652

DATA TRANSMISSION SYSTEM, TERMINAL DEVICE, PROGRAM, AND METHOD

RICOH COMPANY, LIMITED, ...

1. A data transmission system, comprising:
a plurality of terminal devices that are connected to a communication network and that transmit or receive content data among the terminal devices, wherein
at least one of the terminal devices that receives the content data includes processing circuitry configured to
based on an output time interval of an output signal corresponding to predetermined content data, transmit a code amount reduction request to request reduction of a code amount of the predetermined content data while designating a transmission source of the predetermined content data as a destination, and
in response to a code amount reduction request transmitted from another terminal device, reduce a code amount of corresponding content data.

US Pat. No. 10,250,651

METHOD AND MOBILE TERMINAL FOR PUBLISHING INFORMATION AUTOMATICALLY

HUAWEI DEVICE (DONGGUAN) ...

1. A method for publishing information automatically, comprising:
receiving, by a mobile terminal, operation information of a user;
matching, by the mobile terminal, types of the operation information of the user with preset operation information types, the preset information types being selected from a menu on a user interface of the mobile terminal, the menu comprising different preset operation information types, the different preset operation information types comprising a call information type, an audio information type, a video information type, a network information type, a location information type, a picture information type, and a software operation information type, the call information type comprising a short message service message, a voice call, and a video call, the audio information type comprising audio recorded or played by a music player, a recorder, and a radio set, the video information type comprising a movie, a teleplay, and video images that are recorded or played by multimedia players, the network information type comprising web page browsing, online download, online game, online chat, online sharing, and online trading, the location information type comprising a location of the user and a location change of moving from one place to another place, the picture information type comprising a picture taken using a camera and an operation performed on an existing picture, and the software operation information type comprising a login, update, and logout of the user;
selectively storing, by the mobile terminal, the operation information of the user for a preset time when the types of the operation information of the user match the preset operation information types, the mobile terminal only storing a portion of the operation information that matches the preset operation information types selected by the user, and the mobile terminal not storing another portion of the operation information that does not match the preset operation information types selected by the user; and
sending, by the mobile terminal, an information publishing indication message to a predetermined server after the preset time, the information publishing indication message comprising at least an address of the predetermined server, account information of the user, and all stored operation information such that the predetermined server is able to publish all the stored operation information according to the account information.

US Pat. No. 10,250,650

DISCOVERY PLAYLIST CREATION

HARMAN INTERNATIONAL INDU...

1. A non-transitory computer-readable medium containing computer code that, when executed, performs an operation comprising:
capturing one or more images of a physical environment;
identifying two or more users in the physical environment by analyzing the one or more images;
in response to identifying the two or more users, retrieving, for each of two or more identified users, a respective musical preferences model representing a plurality of acoustical characteristics of musical content determined based on preferences of the respective user;
generating a common musical preferences model representing a set of common acoustical characteristics of musical content for the two or more identified users, based on the musical preferences models for each of the two or more identified users;
identifying a library of available musical content; and
creating a playlist of two or more musical selections from the library of available musical content, based on the common musical preferences model.

US Pat. No. 10,250,649

COMMUNICATIONS SYSTEM WITH SEQUENCED CHAT, INTERACTIVE AND DIGITAL ENGAGEMENT FUNCTIONS

Chatalyze, Inc., Menlo P...

19. An apparatus, comprising;
a processor,
a network interface,
a memory comprising computer-readable instructions operative, when executed, to cause the processor to:
initiate a first network connection with a remote signaling system;
access event schedule information comprising an ordered set of time slots associated with the event, each time slot associated with a user registered for the event; and
establish real-time communications sessions with the network clients of the users in a sequence corresponding to the ordered set of time slots by, for each real-time communications session:
transmitting one or more signaling messages to the signaling system for forwarding to the network client associated with the user identified in the one or more signaling messages;
receiving one or more signaling messages transmitted from the network client associated with the user;
establishing, using information in at least one of the signaling messages, a network connection with the network client of the user;
receiving real-time video stream data from the network client; and
transmitting real-time video stream data captured at the remote computing system to the network client of the user.

US Pat. No. 10,250,648

AMBIENT COMMUNICATION SESSION

GOOGLE LLC, Mountain Vie...

1. A computer-implemented method, comprising:
receiving, at a first communication device, a request of a first user of the first communication device to establish a communication session in an inactive mode when the first user is unavailable to participate in the communication session, wherein the communication session enables communication between different communication devices when the communication session is in an active mode;
responsive to receiving the request, initiating at the first communication device the communication session in the inactive mode in which one or more features of the communication session are temporarily disabled;
receiving, at the first communication device, a request from a second communication device to participate in the communication session; and
responsive to receiving the request, switching the communication session at the first communication device from the inactive mode to an active mode in which the one or more features are enabled, wherein the first communication device and second communication device are joined to the communication session in the active mode.

US Pat. No. 10,250,647

DEVICE TRIGGERING

Convida Wireless, LLC, W...

1. A first apparatus in a communication network, the first apparatus comprising:
a processor; and
a memory coupled with the processor, the memory having stored thereon executable instructions that when executed by the processor cause the processor to effectuate operations comprising:
receiving, from a second apparatus, a first message associated with registering with the first apparatus,
the first message comprising instructions for sending a trigger message to the second apparatus,
the instructions for sending the trigger message to the second apparatus comprising an access network device identifier and a port number, the access network device identifier comprising a mobile station international subscriber directory number (MSISDN), 3GPP external identifier, or international mobile subscriber identity (IMSI); and
sending the trigger message based on the instructions for sending the trigger message, wherein the trigger message is sent over a control plane.

US Pat. No. 10,250,646

METHOD AND DEVICE FOR ESTABLISHING CHANNEL

Huawei Technologies Co., ...

1. A method for establishing a channel, comprising:
receiving, by a first web real-time communication (WEBRTC) signaling gateway device, a session request message transmitted by a calling terminal, wherein the session request message comprises an identifier of a called terminal, and wherein the calling terminal is a WEBRTC terminal;
transmitting, by the first WEBRTC signaling gateway device, a query request message comprising the identifier of the called terminal to a WEBRTC server, and receiving, by the first WEBRTC signaling gateway device, an access mode in which the called terminal accesses a WEBRTC signaling gateway device and a gateway identifier of the WEBRTC signaling gateway device accessed by the called terminal, wherein the access mode and the gateway identifier are transmitted by the WEBRTC server, and wherein the access mode comprises accessing via a web browser;
determining, by the first WEBRTC signaling gateway device, that the called terminal is a WEBRTC terminal according to the access mode, and transmitting the session request message to the called terminal via the WEBRTC signaling gateway device corresponding to the gateway identifier; and
receiving, by the first WEBRTC signaling gateway device, a session response message transmitted by the called terminal, and transmitting, by the first WEBRTC signaling gateway device, the session response message to the calling terminal, to enable the calling terminal to establish an end-to-end media channel between the calling terminal and the called terminal according to the session response message.

US Pat. No. 10,250,644

DETECTION AND REMOVAL OF UNWANTED APPLICATIONS

Malwarebytes, Inc., Sant...

1. A method comprising:
detecting, by a protection application executing on a client device, a suspected unwanted application file associated with an application on the client device;
providing, from the client device to a security server, an indication of the suspected unwanted application file on the client device;
receiving, from the security server by the client device, an application rating and a definition for the application, the application rating representing a reputation of the application for being unwanted, wherein the application rating is based on a weighted combination of counts of detections of respective instances of the suspected unwanted application on a plurality of client devices that resulted in selections to remediate the respective instances, the counts weighted based on versions of protection applications executing on the plurality of client devices from which the selections were made;
responsive to determining that the application rating meets a threshold rating, presenting an option by the client device to remediate the application by:
detecting, during an installation process associated with the application, that a control element of a user interface of the installation process is selected by default to install the application; and
modifying the control element of the user interface to skip installing the application absent user intervention;
responsive to receiving a selection to remediate the application on the client device:
remediating the application using the definition for the application; and
providing, from the client device to the security server, an indication of the selection to remediate and a version of the protection application executing on the client device, wherein the security server updates the application rating based on the selection to remediate and the version of the protection application.

US Pat. No. 10,250,643

ENCRYPTION COMPLIANCE VERIFICATION SYSTEM

ALERTSEC, INC., Leesburg...

1. A compliance checker to verify that a device complies with a policy, the compliance checker comprising:
a compliance checker plug-in installed on the device, the compliance checker plug-in receiving a request for compliance validation;
a compliance checker agent, to initiate the compliance validation, in response to receiving the request, to obtain an original file created to be written to a storage medium on the device and to retrieve a copy of the actual stored file from the storage medium on the device;
a comparator to determine whether the original file and the copy of the file are identical, wherein when the original file and the retrieved copy of the file are identical the device is not in compliance with the policy;
the compliance checker plug-in determining a compliance status of the device, based on data from the comparator, wherein the device is provided access when the compliance status indicates that the device complies with the policy.

US Pat. No. 10,250,642

SYSTEM, METHOD AND APPARATUS FOR FINE-GRAINED PRIVACY SPECIFICATION AND VERIFICATION

International Business Ma...

1. A method performed by at least one hardware processor, comprising:
presenting a user interface via a display of a computing device, the user interface including at least one element that is activatable by a user to set a privacy policy, the privacy policy specifying a maximum amount of confidential data that is authorized to be leaked to a sink;
receiving from the user via the user interface an activation of the at least one element to set the privacy policy, the activation of at least one element comprising a selecting a category of fine-grain confidential data and specifying the maximum amount of fine-grain confidential data that is authorized to be leaked to the sink;
tracking movement of confidential data through an application, said tracking comprising tracking said fine-grain confidential data originating at a source and being transferred into a sink;
determining based on the tracked movement of the confidential data that the confidential data is leaked to the sink by the application;
comparing the confidential data that is leaked to the sink to the specified maximum amount of confidential data that is authorized to be leaked to the sink; and
presenting to the user via the user interface an indication that the application complies with the privacy policy set by the user upon determining that fine-grain confidential data that is leaked to the sink is below the specified maximum amount of confidential data that is authorized to be leaked to the sink, or
presenting to the user via the user interface an indication that the application does not comply with the privacy policy set by the user upon determining that the fine-grain confidential data that is leaked to the sink is above the specified maximum amount of fine-grain confidential data that is authorized to be leaked to the sink.

US Pat. No. 10,250,641

NATURAL LANGUAGE DIALOG-BASED SECURITY HELP AGENT FOR NETWORK ADMINISTRATOR

SRI International, Menlo...

1. A system comprising one or more computing devices configured to cause the system to:
cause an exchange of conversational spoken natural language dialog data between the system and a user interface device that is communicatively coupled to a computer network;
access network context data indicative of a context of the computer network by querying a network application that is coupled to the computer network;
interpret at least a portion of the conversational spoken natural language dialog data and the network context data as a set of instructions executable by one or more devices of the computer network by identifying a subset of the conversational natural language dialog data as corresponding to network keyphrase data that is associated by a stored network dialog model with a network-related match criterion;
using the network context data, determine whether a network event that is associated with the conversational spoken natural language dialog data has occurred;
in response to dynamically determining a portion of the network context data corresponds to the network-related match criterion, extract a data value from the dynamically-determined portion of the network context data, the data value comprising a network address that is associated with the network event;
insert the dynamically-determined portion of the network context data that includes the data value into the set of instructions executable by one or more devices of the computer network; and
by executing the set of instructions, cause implementation of a change to a network policy by one or more devices that are communicatively coupled to the computer network in response to the exchange of the conversational spoken natural language dialog data between the system and the user interface device, wherein the change to the network policy is determined based at least in part on the network context data.

US Pat. No. 10,250,640

INFORMATION INFRASTRUCTURE MANAGEMENT DATA PROCESSING TOOLS WITH TAGS, CONFIGURABLE FILTERS AND OUTPUT FUNCTIONS

1. A method of organizing and storing data in an information infrastructure and for processing data throughput in a distributed computing system with respective ones of a plurality of filters, comprising:
identifying sensitive content and select content in said data throughput with one or more of said plurality of filters, said sensitive content represented by one or more sensitive words, characters, images, data elements or data objects therein grouped into a plurality of sensitivity levels, said select content represented by one or more predetermined words, characters, images, data elements or data objects;
extracting and tagging said sensitive content and said select content from said data throughput including tagging said sensitive content based upon a respective sensitivity level of said plurality of sensitivity levels and generating tagged sensitive content and tagged select content;
data processing said tagged sensitive content and said tagged select content with: (a) a data storage process storing, in one or more data stores of a plurality of predetermined data stores; (b) a data mining process; (c) a copy process; (d) a transfer process to other predetermined storage stores; (e) a supplemental data search process; and, (f) a presentation process responsive to a data inquiry;
wherein said data throughput is a source document;
with said tagged sensitive content and said tagged select content, generating at least one tear line for said source document or a contextual range within said source document; and
thereafter data processing said tagged sensitive content and said tagged select content and said source document.

US Pat. No. 10,250,639

INFORMATION INFRASTRUCTURE MANAGEMENT DATA PROCESSING TOOLS FOR PROCESSING DATA FLOW WITH DISTRIBUTION CONTROLS

1. A method of processing data throughput in an information infrastructure in a distributed computing system with respective ones of a plurality of filters, comprising:
identifying sensitive content or select content in said data throughput with one or more of said plurality of filters, said sensitive content represented by one or more sensitive words, characters, images, data elements or data objects therein grouped into a plurality of sensitivity levels, said select content represented by one or more predetermined words, characters, images, data elements or data objects;
extracting and storing said sensitive content from said data throughput in respective data stores based upon said plurality of sensitivity levels;
classifying both the extracted sensitive content and said select content with a taxonomic category filter and generating classification tags therefor;
associating respective classification tags to the classified extracted sensitive content and said select content;
using the classification tags for data processing the stored sensitive content and said select content with: (a) a data mining process; (b) a copy process; (c) a transfer process to other predetermined storage stores; (d) a supplemental data search process; and (e) a presentation process responsive to a data inquiry;
using the classification tags in a structured data format for the transfer process and data storage; and,
repeating the extraction and storage on further data throughput.

US Pat. No. 10,250,638

CONTROL OF TRANSMISSION TO A TARGET DEVICE WITH A CLOUD-BASED ARCHITECTURE

ELWHA LLC, Bellevue, WA ...

17. A system, comprising:
at least one computing device; and
one or more instructions that, when implemented in the computing device, program the at least one computing device for:
receiving a first electronic message for transmission to a target computing device and a second electronic message for transmission to the target computing device;
authorizing transmission of the first electronic message to the target computing device;
querying an image capture sensor of the target computing device to obtain an image of a current environment of the target computing device;
analyzing the image of the current environment of the target computing device to determine a context of the target computing device;
determining a threshold transmission time interval according to a mapping between the context of the target computing device and reference context data;
comparing an elapsed time since the authorizing transmission of the first electronic message to the target computing device with the threshold transmission time interval; and
in response to the comparing, authorizing transmission of the second electronic message to the target computing device when the threshold transmission time interval has elapsed following the authorizing transmission of the first electronic message to the target computing device.

US Pat. No. 10,250,637

SYSTEM AND METHOD OF PRE-ESTABLISHING SSL SESSION CONNECTIONS FOR FASTER SSL CONNECTION ESTABLISHMENT

CITRIX SYSTEMS, INC., Fo...

1. An appliance of pre-establishing Secure Socket Layer (SSL) session connections for SSL connection establishment, the appliance comprising:
a secure session pre-handshake establishment module configured to:
facilitate a secure session connection request between an appliance and a server associated with a website, with the secure session connection request including a name of the server associated with the website, wherein the facilitation causes the appliance to receive session information;
determine whether session information corresponding to the secure session connection request has been cached;
determine whether the name of the server is associated with server names listed in a server group based on the determination that session information has not been cached; and
form secure session connections between the appliance and servers listed in the server group, based on the determination that the name of the server is associated with one of the server names listed in the server group, to pre-establish one or more SSL connections so that when one or more SSL connection requests are received, the one or more pre-established SSL connections can be used without performing full SSL handshake procedures.

US Pat. No. 10,250,636

DETECTING MAN-IN-THE-MIDDLE ATTACKS

ATTIVO NETWORKS INC, Fre...

1. A method for detecting man-in-the-middle (MITM) attacks, the method comprising:
monitoring, by a computer system, network configuration traffic among network devices and network management devices of one or more subnets;
storing, by the computer system, first identification information for one or more network management devices referenced in the network configuration traffic;
transmitting, by the computer system, on at least one of the one or more subnets, a broadcast request for network configuration information;
detecting, by the computer system, at least one of (a) multiple responses to the broadcast request from multiple sources and (b) a response that includes second identification information that does not correspond to the first identification information; and
in response to detecting at least one of (a) and (b), determining, by the computer system that a potential MITM attack has occurred;
wherein the broadcast request for network configuration information is a request for a WPAD.dat file;
wherein the first identification information includes a first WPAD.dat file;
wherein the second identification information includes a second WPAD.dat file; and
wherein detecting at least one of (a) and (b) comprises detecting (b);
wherein detecting (b) comprises determining that the second WPAD.dat file is different from the first WPAD.dat file.

US Pat. No. 10,250,635

DEFENDING AGAINST DOS ATTACKS OVER RDMA CONNECTIONS

MELLANOX TECHNOLOGIES, LT...

1. Apparatus, comprising:
one or more communication ports; and
a hardware processor, configured to establish a Remote Direct Memory Access (RDMA) connection between a client device and a server by:
receiving via the communication ports, from the client device, a first message indicating a request to establish the connection,
ascertaining that the first message does not include any cookie satisfying one or more criteria,
in response to ascertaining that the first message does not include any cookie satisfying the one or more criteria, designating a Queue Pair (QP) Number for the connection without allocating a QP having the designated QP Number,
sending, to the client device, a second message that includes a first cookie and indicates the designated QP Number,
subsequently receiving, from the client device, a third message,
ascertaining that the third message includes a second cookie, and that the second cookie satisfies the one or more criteria,
in response to ascertaining that the second cookie satisfies the one or more criteria, allocating the QP on the server, and
sending, to the client device, a fourth message indicating that the server is ready to receive data communication at the allocated.

US Pat. No. 10,250,634

APPARATUS, SYSTEM, AND METHOD FOR PROTECTING AGAINST DENIAL OF SERVICE ATTACKS USING ONE-TIME COOKIES

Juniper Networks, Inc, S...

1. An apparatus comprising:
a storage device that stores a set of cookies that facilitate authenticating packets received from a node within a network; and
a processing unit communicatively coupled to the storage device, wherein the processing unit:
receives, from the node within the network, at least one time-synchronization packet that is formatted in a time-synchronization protocol as part of a time-synchronization operation;
identifies a cookie included in the time-synchronization packet received from the node;
searches the set of cookies stored in the storage device for the cookie included in the time-synchronization packet received from the node;
identifies, within the set of cookies stored in the storage device, the cookie included in the time-synchronization packet received from the node;
protects against a Denial of Service (DoS) attack by authenticating the legitimacy of the time-synchronization packet by:
confirming that the cookie included in the time-synchronization packet is identified in the set of cookies stored in the storage device; and
ensuring that the time-synchronization packet did not originate from a malicious node masquerading as a trusted peer; and
synchronizes the apparatus with the node based at least in part on a time-synchronization calculation that accounts for the time-synchronization packet.

US Pat. No. 10,250,633

SYSTEM AND METHOD FOR AUDIO FINGERPRINTING FOR ATTACK DETECTION

Telepathy Labs, Inc., Cl...

1. A computer-implemented method comprising:
extracting, by a computing device, a first set of one or more audio features from at least a portion of a real-time communication on a communication channel, wherein extracting the first set of one or more audio features includes at least one of generating an audio fingerprint of at least the portion of the real-time communication on the communication channel and transcribing at least the portion of the real-time communication on the communication channel;
comparing the first set of one or more audio features from at least the portion of the real-time communication to a second set of one or more audio features from at least a portion of a previous real-time communication;
determining that at least a portion of the first set of one or more audio features matches the second set of one or more audio features;
identifying a potential social engineering attack connected to social engineering activity associated with at least the portion of the real-time communication on the communication channel responsive to, at least in part, matching the first set of one or more audio features from at least the portion of the real-time communication with the second set of one or more audio features from at least the portion of the previous real-time communication; and
performing an action responsive to, at least in part, identifying the potential social engineering attack connected to the social engineering activity associated with at least the portion of the real-time communication on the communication channel, wherein performing the action include providing an alert of the potential social engineering attack.

US Pat. No. 10,250,632

WEB SERVICE TESTING

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method of web service testing within a computing environment, the method comprising:
inferring a web service infrastructure from a web service hosted on a web server to facilitate testing of the web service, the inferring comprising:
downloading a web service description language (WSDL) file describing the web service from a location on the web server identified by a uniform resource locator (URL);
identifying at least one of a web service design technology and a web service technology provider from character strings indicative of the web service design technology and web service technology provider, respectively, in at least one of the WSDL file and URL; and
inferring the web service infrastructure from the at least one identified web service design technology and web service technology provider, wherein the inferring comprises evaluating individual pieces of web service infrastructure information, the evaluating including rejecting incompatible pieces of web service infrastructure information;
providing a security test tailored to test the web service based, at least in part, on the inferring of the web service infrastructure; and
testing the web service using the provided security test based, at least in part, on the inferred web service infrastructure.

US Pat. No. 10,250,631

RISK MODELING

Balbix, Inc., San Jose, ...

22. A method for modeling a risk of security breaches to a network, comprising:
one or more agents gathering, from multiple sources across the network, analysis data that identifies observed characteristics of one or more nodes of the network, wherein said one or more agents are implemented in one or more of hardware and software;
generating, using the analysis data, a multi-layer risk model for the network that comprises a first model layer that models an inherent risk of security breaches to assets of the network based on the observed characteristics of the one or more nodes;
generating, using the multi-layer model, a statistical likelihood of a risk of security breach for each node of the network, wherein said analysis data and said statistical likelihood of a risk of security breach for each node of the network are generated using one or more entities that are implemented in one or more of hardware and software; and
providing, to a user, the statistical likelihood of the risk of security breach for at least one node of the network, wherein said statistical likelihood of the risk is transmitted over a computer network or electronically displayed upon a physical display.

US Pat. No. 10,250,630

SYSTEM AND METHOD FOR PROVIDING COMPUTER NETWORK SECURITY

WIPRO LIMITED, Bangalore...

1. A method for providing computer network security, the method comprising:
gathering, via a processor, real-time threat information from one or more sources;
deriving, via the processor, security intelligence based on the real-time threat information;
determining, via the processor, a security measure based on the security intelligence; and
dynamically applying, via the processor, the security measure to a computer network using a set of virtual appliances and a set of virtual switches,
wherein dynamically applying comprises:
mapping the security measure to the set of virtual appliances, the set of virtual switches, and to a plurality of packet filters,
dynamically instantiating each virtual appliance in the set of virtual appliances based on the mapping using software defined networking,
service chaining virtual appliances in the set to connect the instantiated virtual appliances according to the mapping, and
dynamically programming, based on the mapping, the set of virtual switches using the plurality of packet filters to steer network traffic to the instantiated set of virtual appliances.

US Pat. No. 10,250,629

CAPTCHA RISK OR SCORE TECHNIQUES

A10 Networks, Incorporate...

1. A method comprising:
receiving, by a service gateway, a service request from a client device, wherein the service gateway and client device are separate and distinct devices communicatively coupled through a communication network;
extracting, by the service gateway, client information from the received service request;
determining, by the service gateway using the client information, if the client device has been identified as a computer bot based upon a service policy and a bot database, wherein the bot database includes indications to distinguish between good computer bots and bad computer bots, wherein a good bot is within an acceptable threat threshold;
selecting, by the service gateway, a captcha in response to the service request when the client device has not been identified as a computer bot;
generating, by the service gateway, captcha instructions for the determined captcha;
generating, by the service gateway, an expected captcha response for the determined captcha;
sending, by the service gateway, the captcha instructions to the client device;
receiving, by the service gateway, a captcha response from the client device in response to the captcha instructions;
comparing, by the service gateway, the captcha response to the expected captcha response to determine a risk level associated with the client device operating autonomously; and
if the client device has been identified as a computer bot, handling the service request based upon whether the computer bot is a good computer bot; and
if the client device has not been identified as a computer bot, handling the service request based upon the risk level associated with the client device operating autonomously.

US Pat. No. 10,250,628

STORYBOARD DISPLAYS OF INFORMATION TECHNOLOGY INVESTIGATIVE EVENTS ALONG A TIMELINE

Splunk Inc., San Francis...

1. A method comprising:
causing display of a timeline view of events in an information technology security investigation;
causing display on the timeline view of one or more system events that contain data that reflect activity in an information technology environment, wherein each system event is positioned on the timeline according to a timestamp associated with the system event, wherein each system event is represented on the timeline by a graphical indicator;
causing display on the timeline view of one or more investigative events reflecting investigative activity performed in association with a security investigation of one or more of the system events, wherein each investigative event is represented on the timeline by a graphical indicator;
while causing display of the timeline view, causing display of a storyboard view of system events and investigative events displayed in the timeline view, wherein a storyboard panel includes a view of one or more selected system events in addition to a view of any related investigative events, the storyboard panel enables a user to progress through detailed information regarding user investigative activities associated with system events that are indicative of security threats in a chronological fashion, wherein the storyboard view displays one or more storyboard panels at a time;
receiving user input to add one or more annotations to a displayed storyboard panel, wherein the displayed storyboard panel displays information related to a specific system event;
storing the one or more annotations in association with the specific system event.

US Pat. No. 10,250,627

REMEDIATING A SECURITY THREAT TO A NETWORK

HEWLETT PACKARD ENTERPRIS...

1. A method for remediating a security threat to a network, the method comprising:
obtaining, from a network, security information about the network to determine traffic patterns of the network;
identifying, based on the traffic patterns of the network, a security threat to the network;
determining, from a playbook library and a workflow library, a workflow template and at least one software-defined networking (SDN) flow rule template to remediate the security threat comprising:
presenting a number of workflow templates from the workflow library and a number of SDN flow rule templates from the playbook library to a user;
receiving a selection from the user, the selection comprising the workflow template and the at least one SDN flow rule template; and
advancing, based upon the selection of the user, a workflow based on the workflow template by adding the SDN flow rule based on the at least one SDN flow rule template to a flow table of the network; and
deploying, via a SDN controller, a SDN flow rule based on the at least one SDN flow rule template in the network to remediate the security threat by altering a control path of the network.

US Pat. No. 10,250,626

ATTACKING NODE DETECTION APPARATUS, METHOD, AND NON-TRANSITORY COMPUTER READABLE STORAGE MEDIUM THEREOF

Institute For Information...

1. An attacking node detection apparatus, comprising:
a storage unit, storing a plurality of access records of an application, wherein each of the access records comprises a network address of a host and an access content regarding the host accessing the application; and
a processing unit, being electrically connected to the storage unit and configured to filter the access records into a plurality of filtered access records according to a predetermined rule, wherein the access content of each of the filtered access records conforms to the predetermined rule;
wherein the processing unit further creates at least one access relation for each of the network addresses according to the filtered access records, each of the access relations is defined by one of the network addresses and one of the access contents,
wherein the processing unit further identifies a specific network address among the network addresses as a first attacking node according to the access relations;
wherein the processing unit further determines at least one node relation for each of the network addresses according to the access relations, each of the node relations is defined by two of the network addresses, the processing unit further assigns an initial score to the first attacking node, the processing unit further propagates the initial score according to a propagation algorithm and the node relations so that each of the network addresses has a propagated score, the processing unit further selects at least one second attacking node among the network addresses, and the propagated score of each of the at least one second attacking node is greater than a predetermined threshold.

US Pat. No. 10,250,625

INFORMATION PROCESSING DEVICE, COMMUNICATION HISTORY ANALYSIS METHOD, AND MEDIUM

NEC Corporation, Tokyo (...

1. An information processing device comprising a processor configured to:
calculate a degree of possibility that indicates a degree of certainty of a practical user agent permitted to operate as a portion of a client, with respect to each user agent that relates to a user agent character string, based on a history of communication between the client and a server, the history including at least an identifier of the server, an identifier of the client, and the user agent character string included in a request header that is sent from the client and includes information about at least one of a browser, a plug-in installed in the browser, and a toolbar installed in the browser; and
output, based on the degree of possibility, disguise information that is information regarding communication performed by a fake user agent impersonating the practical user agent, wherein the processor is further configured to exclude the user agent character string when it includes a specific string.

US Pat. No. 10,250,624

METHOD AND DEVICE FOR ROBUST DETECTION, ANALYTICS, AND FILTERING OF DATA/INFORMATION EXCHANGE WITH CONNECTED USER DEVICES IN A GATEWAY-CONNECTED USER-SPACE

Oak Tree Logic, LLC, Aus...

1. A security appliance comprising:
a network port enabling direct connection to a gateway;
a storage module having stored thereon firmware for operating the security appliance; and
a processor that executes the program code of the firmware, which configures the security appliance to:
establish a seamless communication interface with a connected gateway;
in response to establishing the seamless communication interface, monitor traffic coming into and going out from the connected gateway;
identify traffic anomalies within the monitored traffic; and
in response to identifying one or more of the traffic anomalies:
block and filter out unwanted and undesirable traffic associated with the traffic anomalies; and
initiate steps to report on and prevent further occurrence of the traffic anomalies, by generating one or more alerts and filtering out the captured data in preparation for forwarding to a remote server database; and
forward the filtered information about the identified traffic anomalies to a centralized database for evaluation and reporting;
enable manual configuration of an “away” mode selection to one of an enabled mode or disabled mode of operation; and
mask internet bounded traffic by configuring the security appliance to:
detect periods of statistical change that are indicative of an “away” period; and in response to detecting periods of statistical change indicative of the away period, generate internet traffic and communications with random content to Internet sites in a manner that is statistically indistinguishable from communication patterns during an “at-home” period.

US Pat. No. 10,250,623

GENERATING ANALYTICAL DATA FROM DETECTION EVENTS OF MALICIOUS OBJECTS

Malwarebytes, Inc., Sant...

1. A method for detecting malicious objects, the method comprising:
receiving, from a malware detection application executing on a client, client information indicating a client state describing at least one protection application executing on the client and a geolocation associated with the client;
receiving, from the malware detection application, a new detection event describing a malicious object on the client that went undetected by the at least one protection application and was subsequently detected by the malware detection application when the client is in the client state, the new detection event further including a time associated with the new detection event;
mapping the new detection event to the client state when the malicious object was detected for storage in a detections database;
generating aggregate detection information by aggregating the new detection event with historical detection events stored in the detections database for a plurality of clients executing instances of the malware detection application and instances of the at least one protection application, the aggregate detection information indicating a count of detection events on the plurality of clients in which the malicious object went undetected by the respective instances of the at least one protection application and was subsequently detected by the instances of the malware detection application;
generating a user interface displaying the count of detection events and including a control for generating a playback of the aggregate detection information, wherein in response to selection of the control, the user interface displays a sequence of indicators at coordinates of a map corresponding to respective geolocations of the historical detection events, the indicators being displayed according to the respective times associated with the historical detection events to indicate geographic spread of the malicious object on the plurality of clients; and
providing the user interface to an administrative client for presentation.

US Pat. No. 10,250,622

USING MULTIPLE LAYERS OF POLICY MANAGEMENT TO MANAGE RISK

GLASSWALL (IP) LIMITED, ...

1. A system, comprising:
a processor;
a receiver to receive a file at a computer system, the file including a content, the content of the file including a first portion;
a file type identifier to identify a purported file type of the file;
a scanner to scan the content of the file using a set of rules corresponding to the purported file type, the scanner operative to determine that the file does not conform to the set of rules corresponding to the purported file type for a first reason with an associated first issue ID;
a quarantine that can store the file;
a file issue exclusion policy specifying an approved file type and a second issue ID;
a file content policy that can be used to:
allow the first portion of the content of the file to be included in the file, quarantine the file, or
sanitize the first portion of the content of the file,
the file content policy including a whitelist of known approved portions of content;
the processor executing a comparator to compare the first portion of the content of the file with the whitelist, wherein the first portion of the content of the file can be included in the file based at least in part on the first portion of the content of the file matching a known approved portion of content in the whitelist; and
a transmitter to transmit the file to the recipient instead of storing the file in the quarantine based at least in part on the approved file type in the file issue exclusion policy matching the purported file type and the second issue ID in the file issue exclusion policy matching the first issue ID.

US Pat. No. 10,250,621

AUTOMATIC EXTRACTION OF INDICATORS OF COMPROMISE FROM MULTIPLE DATA SOURCES ACCESSIBLE OVER A NETWORK

EMC IP Holding Company LL...

1. A method comprising:
configuring one or more web crawlers to obtain textual information from a plurality of data sources accessible over at least one network;
extracting terms likely to be associated with indicators of compromise from the obtained textual information;
filtering the extracted terms to identify terms corresponding to respective valid indicators of compromise;
generating links between the terms corresponding to the respective valid indicators of compromise;
converting the links and the corresponding terms into an output document in a specified indicator of compromise format;
transmitting the output document to an analyst device;
receiving feedback from the analyst device relating to the output document; and
adjusting at least one filter parameter of the filtering based at least in part on the received feedback;
wherein the method is performed by at least one processing device comprising a processor coupled to a memory.

US Pat. No. 10,250,620

SAFE CODE FOR SIGNATURE UPDATES IN AN INTRUSION PREVENTION SYSTEM

Microsoft Technology Lice...

1. In a computing environment, a method comprising:
obtaining, by an engine, a signature including executable logic that is executed to evaluate network traffic for detecting the signature and a state machine for tracking a state of a protocol defined by the executable logic of the signature;
determining that the executable logic of the signature is signed by a publisher;
generating tokens by parsing the network traffic according to one or more expressions obtained from the executable logic;
sending the generated tokens to the state machine of the signature;
allowing the state machine of the signature to use the generated tokens to track the state of the protocol as the network traffic is processed by the engine; and
receiving a detected pattern of content from the state machine based on the tokens used by the state machine.

US Pat. No. 10,250,619

OVERLAY CYBER SECURITY NETWORKED SYSTEM AND METHOD

MISSION SECURE, INC., Ch...

1. An overlay cyber security method comprising:
providing an overlay secure network comprising a communication channel associated with a Process Control Network (PCN);
associating, with each component of the Process Control Network (PCN), identification information that generates an identity for each component, the identity permitting timestamp information to be associated with one or more physical-level signals received or output by the component;
receiving, by at least one security device via the communication channel of the overlay security network, physical-level signals received or output by a component of the Process Control Network (PCN);
receiving, by the at least one security device and using the communication channel, at least one physical-level signal received by a controller of the component or at least one network-level signal output by the controller of the component;
obtaining, by the at least one security device, derived state information associated with the component via a network, the derived state information including the timestamp information associated with the one or more physical-level signals received or output by the component;
obtaining, by the at least one security device, stored historical state information associated with the component from a computer-readable historian device, the historical state information including stored timestamp information;
determining, by the at least one security device, occurrence of an unexpected state associated with the component based on a vertical consistency comparison of the physical level signals received or outputted by the component and one of the derived state information and said or the historical state information, and based on a horizontal state estimation consistency comparison of a plurality of said physical-level signals including the physical level signals received or outputted by the component and physical level signals received or outputted by other components at a same level as the component in the Process Control Network (PCN);
capturing and storing information associated with the unexpected state using an event message, the captured and stored information including the identification information associated with the component of the PCN and a unique identifier associated with the security device;
transforming the event message into a formatted message; and
outputting the formatted message via an interface to a forensic analysis system.

US Pat. No. 10,250,618

ACTIVE VALIDATION FOR DDOS AND SSL DDOS ATTACKS

VERISIGN, INC., Reston, ...

1. A computer-implemented method of mitigating against a denial of service (DoS) attack, comprising:
detecting a DoS attack or potential DoS attack against a first server system comprising one or more servers;
in response to detecting the DoS attack or potential DoS attack, receiving, at a second server system comprising one or more servers, network traffic directed to the first server system;
subjecting requesting clients to at least one challenge mechanism by directing clients to complete the at least one challenge mechanism until a portion of network traffic originating from non-suspect clients reaches a threshold, the at least one challenge mechanism comprising challenging requesting clients to request Secure Sockets Layer (SSL) session resumption;
identifying one or more non-suspect clients, the one or more non-suspect clients corresponding to requesting clients that successfully complete the at least one challenge mechanism;
identifying one or more suspect clients, the one or more suspect clients corresponding to requesting clients that do not successfully complete the at least one challenge mechanism; and
forwarding, by the second server system, traffic corresponding to the one or more non-suspect clients to the first server system.

US Pat. No. 10,250,617

SYSTEMS AND METHODS FOR DETECTING MALWARE USING MACHINE LEARNING

Symantec Corporation, Mo...

1. A computer-implemented method for detecting malware using machine learning, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
identifying, by the computing device, data to be analyzed for malware;
classifying the data to be analyzed for malware using a classifier created by applying a combination of at least one deep learning neural network, wherein a deep learning neural network comprises multiple layers of artificial neural networks, and at least one supervised data mining method to:
extract features from training data using one method of the deep learning neural network or the supervised data mining method; and
classify the features using the other method of the deep learning neural network or the supervised data mining method;
determining, by the computing device and based on a predefined threshold, that the classification of the data indicates potential malware on the computing device; and
performing, by the computing device, a security action based on the determination of potential malware on the computing device.

US Pat. No. 10,250,616

SERVER AND USER TERMINAL

Samsung Electronics Co., ...

1. A server, comprising:
communication circuitry configured to communicate with a plurality of external terminals;
a storage; and
a processor configured to, based on a request for hardware integrity verification of a second external terminal being received from a first external terminal through the communication circuitry, perform hardware integrity verification of the second external terminal using reference data of the second external terminal stored in the storage,
wherein, based on the second external terminal accessing the first external terminal, the server is configured to receive from the first external terminal a transmission of the request for hardware integrity verification of the second external terminal,
wherein, based on the request for the hardware integrity verification being received, the processor is configured to control the communication circuitry to request transmission of data for the hardware integrity verification of the second external terminal to the second external terminal, not via the first external terminal, and
wherein, based on the data for the hardware integrity verification of the second external terminal being received from the second external terminal, not via the first external terminal, the processor is configured to perform the hardware integrity verification of the second external terminal by comparing the received data with the stored reference data.

US Pat. No. 10,250,615

ANALOG SECURITY FOR DIGITAL DATA

AIRWATCH LLC, Atlanta, G...

1. A system, comprising:
a computing device comprising a processor and a memory; and
an application comprising a set of machine readable instructions stored in the memory that, when executed by the processor, cause the computing device to at least:
receive encrypted framelet data from a network service in response to a request to view content, the content comprising a plurality of pixels, wherein a respective pixel is divided into a plurality of subpixels;
decrypt the framelet data to generate a first framelet, the first framelet comprising a first subset of the subpixels, wherein the first framelet requires visual alignment with a second framelet to reproduce the content, and a particular shade of the respective pixel is reproduced by the first subset of the subpixels being overlaid with a second subset of the subpixels, the second framelet comprising the second set of the subpixels; and
display the first framelet on the computing device, wherein the second framelet is displayed by a second computing device.

US Pat. No. 10,250,614

ACCOUNT SHARING PREVENTION AND DETECTION IN ONLINE EDUCATION

STUDY SOCIAL, INC., Gain...

1. A method of preventing account sharing, said method comprising:
receiving first information from an authentication computer that has authenticated a user of a first computing device, said first information identifying a user account of an education application;
logging in said first computing device to said education application and streaming a first video from a server computer to said first computing device;
receiving second information from said authentication computer that has authenticated a user of a second computing device different from said first computing device, said second information also identifying said user account of said education application, said receiving occurring while said first computing device is logged in;
determining that said first information and said second information both identify said user account;
determining that device information from said authentication computer for said second computing device is different from device information for said first computing device stored in a database; and
preventing said second computing device from logging in to said education application unless it is determined that said streaming of said first video to said first computing device has ended, that said first and second computing devices are in different device classes, and that said second video streamed to said second computing device is the same as said first video streamed to said first computing device.

US Pat. No. 10,250,613

DATA ACCESS METHOD BASED ON CLOUD COMPUTING PLATFORM, AND USER TERMINAL

TENCENT TECHNOLOGY (SHENZ...

1. A data access method based on a cloud computing platform, the method being performed by a user terminal, and the method comprising:
obtaining, by the user terminal, an access request for a data ciphertext of the cloud computing platform, the access request comprising a decryption key, and the decryption key comprising a user precise identity identifier and a user attribute identifier;
decrypting, by the user terminal, the data ciphertext into a data plaintext, in response to the user precise identity identifier belonging to an identity identifier set comprised in an access structure of the data ciphertext and/or in response to the user attribute identifier belonging to a user attribute identifier set comprised in the access structure of the data ciphertext; and
before the obtaining the access request:
sending, by the user terminal, a data query request to the cloud computing platform, the data query request comprising a query condition that is authorized by a query key and comprising a permission type of the query key, the query condition comprising the user attribute identifier, and the permission type of the query key indicating whether the query key comprises permission time validity,
wherein, in response to the cloud computing platform identifying, based on the permission type of the query key, that the query key does not comprise the permission time validity, the cloud computing platform queries, from data ciphertexts that are stored in the cloud computing platform, an index ciphertext of the data ciphertext and the data ciphertext that are matched to the user attribute identifier comprised in the query condition, to obtain the data ciphertext; and
receiving, by the user terminal, the data ciphertext that is obtained, from the cloud computing platform.

US Pat. No. 10,250,612

CROSS-ACCOUNT ROLE MANAGEMENT

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:
providing a user, associated with a first account, with a temporary credential enabling the user to assume a role under a second account, the role having access rights to one or more resources under the second account;
sending information about the providing of the temporary credential to a management component associated with the first account and restricted to users authorized through the first account, the information including an access identifier;
receiving, at an interface associated with the second account, a communication including identifying information about the user stored under the first account and the access identifier;
storing the identifying information and the access identifier to an event repository associated with the second account;
receiving a request for access to the one or more resources associated with the second account, the request specifying the access identifier;
storing request information for the request in the event repository, the request information specifying the access identifier to link the request to the communication and identify actions performed by the user of the first account; and
enabling the identifying information to be associated with the request information in the event repository using the access identifier.

US Pat. No. 10,250,611

AUTHENTICATING DRIVERS

Allstate Insurance Compan...

1. A device, comprising:
a processor; and
memory storing computer-executable instructions that, when executed by the processor, cause the device to:
receive global positioning system (GPS) data indicating location data of the device collected during a driving trip in a vehicle;
analyze the received GPS data to determine one or more stopping points during the driving trip, wherein the one or more stopping points correspond to one or more locations at which the vehicle stopped during the driving trip;
receive vehicle sensor data related to the vehicle and collected during the driving trip;
analyze the received vehicle sensor data to determine a total number of turns during the driving trip; and
determine a driving pattern for the driving trip, based at least in part on the determined one or more stopping points and the determined total number of turns.

US Pat. No. 10,250,610

METHOD AND SYSTEM FOR COMMUNICATION CONTROL

International Business Ma...

1. An apparatus for communication control, the apparatus comprising:
a memory; and
a processor, the processor communicatively coupled to the memory, the processor configured to:
receive, from an initiator, a request to initiate a communication with a first user, the request including a first identification specific to the first user, the first identification being different from a first communication account used by the first user to receive communications;
determine, based on a communication mapping associated with the first user, whether the initiator is allowed to communicate with the first user using the first identification, the communication mapping indicating authorized initiators allowed to communicate with the first user and respective identifications to be used by the authorized initiators, wherein the communication mapping is solely assigned to the first user, and wherein the communication mapping is separate from any communication mapping of the initiator, and wherein the communication mapping of the first user is solely used for the determination;
obtain, in response to determining that the initiator is allowed to communicate with the first user using the first identification and from the communication mapping, the first communication account used by the first user, the first communication account distinct from a plurality of communication account entries of the first user used to receive communications from other initiators;
obtain, from the communication mapping, an initiator identification specific to the initiator, the initiator identification being different from an initiator communication account to be used by the initiator for the communication, the initiator identification being generated by a communication service provider that facilitates the communication between the initiator and the first user; and
present the initiator identification to the first user in the communication between the initiator and the first user.

US Pat. No. 10,250,609

PRIVILEGED ACCESS TO TARGET SERVICES

CyberArk Software Ltd., ...

1. A credentials management system for managing credentials for use in an authentication protocol, comprising:
at least one hardware processor configured to:
determine that a client requires a specific permission to access a target service according to the authentication protocol;
identify, based at least in part on the determination, a credential accessible to the credentials management system, the identified credential being associated with the client but not accessible to the client;
communicate with an authentication service using the identified credential to obtain an authenticator on behalf of the client based on the identified credential;
receive the authenticator from the authentication service, responsive to the authentication service authenticating the credentials management system based on the identified credential; and
send the authenticator to the client thereby enabling use of the authenticator by the client for client operations with the target service.

US Pat. No. 10,250,608

METHODS AND SYSTEMS FOR MANAGING A NETWORK NODE THROUGH A SERVER

PISMO LABS TECHNOLOGY LIM...

1. A method for allowing a user to manage a network node through a management server, comprising:
(a) at the network node, receiving an user's identity and authentication information from an administrator;
(b) at the network node, sending the user's identity and authentication information from the network node to the management server;
(c) at the management server, updating a record of users according to the users' identities and authentication information; and
(d) at the management server, allowing the user to manage the network node through the management server; wherein the user is allowed to manage when a management request is received from the user at a management user interface (MSUI) with the same user's identity and authentication information as the user's identity and authentication information sent by the network node.

US Pat. No. 10,250,607

CONTROL SYSTEMS AND METHODS FOR PROVIDING USER ACCESS TO EXTERNAL DEVICES VIA COMMUNICATIONS NETWORKS

PM INVESTIGATIONS, INC., ...

1. A control system for providing a user with access to an external device via a communication network, the control system comprising:
a control device having processor circuitry, a first port, and a first set of switches;
the first port having lines including at least one power line and at least one data line, a first of the lines being connected to a first switch of the first set of switches, a second of the lines being connected to a second switch of the first set of switches;
the processor circuitry being configured to control positions of the first set of switches between an access-approved mode, in which the first set of switches are closed to electrically enable the first port, and an access-denied mode, in which one of the first set of switches is open to electrically disable the first port;
the processor circuitry being configured to:
operate in the access-denied mode as a default mode of operation such that the user is unable to access the external device via the communication network, the external device being externally connected to the control device via the first port;
receive access request information from the user via the communication network requesting access to communicate with the external device;
determine whether the user is authorized access in response to receiving the access request information;
if the user is authorized access, provide the user an approval code via the communications network; and
in response to receiving login information and the approval code from the user via the communication network, operate in the access-approved mode for a predetermined time period such that the user is able to access the external device through the control device via the first port during the predetermined time period;
wherein, in the access-denied mode, the processor circuitry controls the first set of switches to be open at random; and
wherein each of the switches is configured as either a mechanical switch, programmable logic or solid-state circuitry.

US Pat. No. 10,250,606

NETWORK ACCESS METHOD, PROXIMITY COMMUNICATIONS SERVER, RELAY TERMINAL AND TERMINAL

Huawei Technologies Co., ...

1. A network access method, comprising:
receiving, by a proximity communications server, a relay access verification request from a relay terminal, wherein the relay access verification request corresponds to a trunking communication request from a terminal;
verifying, by the proximity communications server, based on the relay access verification request, that the terminal is authorized to perform network access using the relay terminal;
authorizing, by the proximity communications server, the relay terminal to activate a relay function by sending a relay authorization response message to the relay terminal, wherein the relay authorization response message carries indication information indicating that the terminal is allowed to perform network access via trunking communications using the relay terminal;
acquiring, from a home subscriber server, group information of a trunking communications group to which the terminal belongs;
acquiring a network address of a trunking communications server that the terminal is allowed to access according to the group information; and
sending, to the relay terminal, the network address.

US Pat. No. 10,250,604

STORAGE MEDIUM, INFORMATION-PROCESSING DEVICE, INFORMATION-PROCESSING SYSTEM, AND NOTIFICATION METHOD

Nintendo Co., Ltd., Kyot...

1. A non-transitory storage medium storing a program for causing a computer to execute a process, the process comprising:
accepting a login from a first user;
detecting receipt of a chat request from a second user different from the first user,
upon detecting receipt of the chat request, in response to matching of a destination of the received chat request and the first user who is logged in, displaying a first screen for notifying the receipt of the chat request, the first screen including a button for starting a chat with the second user, and in response to the destination of the received chat request and the first user who is logged in not being matched, displaying a second screen for notifying the receipt of the chat request, the second screen not including the button for starting a chat with the second user.

US Pat. No. 10,250,603

CONNECTION CONTROL FOR VIRTUALIZED ENVIRONMENTS

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method, comprising:
receiving a request to launch a virtual machine in a multi-tenant environment;
determining a policy corresponding to the request;
determining that the request comprises an indication for a scan to be performed on the virtual machine;
causing a scanning virtual machine to perform the scan on the virtual machine, wherein the scanning virtual machine and the virtual machine are hosted within the multi-tenant environment;
evaluating a result of the scan against the policy corresponding to the request;
determining that the result of the scan complies with at least one scan requirement of the policy; and
enabling the virtual machine to access one or more additional resources in the multi-tenant environment.

US Pat. No. 10,250,602

AUTHENTICATOR CENTRALIZATION AND PROTECTION

Early Warning Services, L...

1. A computer implemented method for authenticating a user who is communicating with an enterprise via a user device, comprising:
receiving authenticators for a user and storing the received authenticators;
receiving, from the enterprise, a request to authenticate the user with an authentication policy for authenticating the user, wherein the request does not identify which of the stored authenticators is to be used for authenticating the user;
determining whether the stored authenticators include a first authenticator to be used for authenticating the user based on the authentication policy;
when the stored indicators include the first authenticator, transmitting an authentication request to the user device requesting the first authenticator, receiving, from the user device, an authenticator in response to the authentication request, and authenticating the user by comparing the received authenticator with the stored first authenticator; and
when the stored authenticators do not include the first authenticator, transmitting to the entity an identification of at least one of the stored authenticators, for the entity to determine if the at least one of stored authenticators is to be used for authentication.

US Pat. No. 10,250,601

UPDATING DATABASE DRIVERS FOR CLIENT APPLICATIONS THROUGH A DATABASE SERVER PUSH

International Business Ma...

1. A processor-implemented method for updating drivers, the method comprising:
receiving, by a processor, a connection request from a first computer in a second computer;
creating a connection handshake in the first computer in response to the transmitted connection request, wherein the connection handshake includes a plurality of client credentials and a plurality of driver information;
receiving the created connection handshake from the first computer in a second computer;
determining the first computer is authorized to connect to the second computer based on the plurality of client credentials;
comparing, by the second computer, a first version level of a first plurality of drivers associated with the first computer to a second version level of a second plurality of drivers associated with the second computer based on the plurality of driver information;
transmitting a driver update from the second computer to the first computer as a byte array using a database protocol operating on the second computer regardless of whether the driver update is necessary; and
installing the driver update in the first computer.

US Pat. No. 10,250,600

UPDATING DATABASE DRIVERS FOR CLIENT APPLICATIONS THROUGH A DATABASE SERVER PUSH

International Business Ma...

8. A computer program product for updating drivers, the computer program product comprising:
one or more computer-readable tangible storage media and program instructions stored on at least one of the one or more tangible storage media, the program instructions executable by a processor, the program instructions comprising:
program instruction to receive, by a processor, a connection request from a first computer in a second computer;
program instructions to create a connection handshake in the first computer in response to the transmitted connection request, wherein the connection handshake includes a plurality of client credentials and a plurality of driver information;
program instructions to receive the created connection handshake from the first computer in a second computer;
program instructions to determine the first computer is authorized to connect to the second computer based on the plurality of client credentials;
program instructions to compare, by the second computer, a first version level of a first plurality of drivers associated with the first computer to a second version level of a second plurality of drivers associated with the second computer based on the plurality of driver information;
program instructions to transmit a driver update from the second computer to the first computer as a byte array using a database protocol operating on the second computer regardless of whether the driver update is necessary.

US Pat. No. 10,250,599

QUEUE MANAGEMENT BASED ON BIOMETRIC AUTHENTICATION

Capital One Services, LLC...

1. A method performed by a user device, comprising:
obtaining, by the user device, biometric information relating to a user of the user device using a biometric sensor of the user device;
determining, by the user device, that the biometric information is valid;
generating, by the user device, a biometric indicator indicating that the biometric information is valid;
providing, by the user device, a request for a callback from an entity,
wherein the request includes:
the biometric information indicating that the biometric information is valid, and
data indicating a queue associated with the callback; and
receiving, by the user device, the callback from the entity,
wherein the callback is received based on the biometric information indicating that the biometric information is valid, and
wherein the callback is associated with an entity identifier that is not provided to the user.

US Pat. No. 10,250,598

LIVENESS DETECTION METHOD AND DEVICE, AND IDENTITY AUTHENTICATION METHOD AND DEVICE

ALIBABA GROUP HOLDING LIM...

1. A method for identity verification using facial information comprising:
collecting, by a computing device, biological characteristic information of a user;
displaying, by the computing device, the collected biological characteristic information at an initial position on a screen of the computing device;
determining, by the computing device, a target position using the initial position, and displaying the target position on the screen
randomly generating, by the computing device, a candidate target position based on the initial position;
using, by the computing device, the candidate target position as a target position upon determining that the candidate target position and the initial position satisfy a predetermined condition;
displaying, by the computing device, the target position on the screen;
prompting, by the computing device, the user to move the user's biological characteristic information to cause the displayed biological characteristic to move from the initial position on the screen to the target position on the screen;
detecting, by the computing device, the user's biological characteristic information movement, and determining the display position of the displayed biological characteristic information using the detected user's movement; and
judging, by the computing device, whether the user is a living being using a relationship between the determined display position and the target position.

US Pat. No. 10,250,597

SYSTEMS AND METHODS FOR PERFORMING USER RECOGNITION BASED ON BIOMETRIC INFORMATION CAPTURED WITH WEARABLE ELECTRONIC DEVICES

VERIDIUM IP LIMITED, Lon...

1. A computer implemented method for performing user recognition with a mobile computing device according to biometric information captured by a monitoring device worn by a user, the monitoring device being one of a plurality of different monitoring devices worn by the user at the same time or at different times, the method comprising:
detecting, by the mobile computing device including a processor, a wireless transceiver, a storage medium, and instructions stored on the storage medium and executing in the processor, a wearable monitoring device in range of the wireless transceiver;
establishing, by the processor using the transceiver, a wireless communication link with the monitoring device;
receiving, by the processor over the wireless communication link, a monitoring device ID that distinctively identifies the monitoring device, and monitoring data captured by the monitoring device, wherein the monitoring data includes captured biometric data of at least one subject;
analyzing, by the processor, at least the received biometric data, the analysis including:
identifying, by the processor based on the device ID, the respective type of biometric data captured by the monitoring device,
extracting, by the processor according to the identified type of biometric data, biometric features of a type that is suitable for performing biometric user recognition, and
generating, by the processor using the extracted biometric features, a biometric identifier;
comparing the received device ID to a record of monitoring device IDs stored in a database in association with one or more user identities;
determining, based on the comparison, whether the monitoring device is associated with a particular user identity;
biometrically recognizing a user identity, by at least one or more of the mobile device processor and a remote server computing device in communication with the mobile device over a network, based on the biometric identifier, the recognizing step including:
if, at the determining step, the device ID is determined to be associated with the particular user identity:
comparing the biometric identifier to an enrolled biometric identifier stored in the database and associated with the particular user identity, and
identifying the user identity in response to a successful match of the biometric identifier to the enrolled biometric identifier;
if, at the determining step, the device ID is not determined to be associated with the particular user identity:
comparing the biometric identifier to a plurality of enrolled biometric identifiers stored in the database, wherein the plurality of enrolled biometric identifiers are associated with respective user identities,
identifying the user identity in response to a successful match of the biometric identifier to an enrolled biometric identifier that is associated with the user identity, and
in the absence of a successful match of the biometric identifier to any enrolled biometric identifier,
capturing, with the processor using a camera of the mobile computing device, at least one image of the user,
extracting, with the processor from the at least one image, biometric features of the user depicted in the one or more images,
generating, with the processor, an image-based biometric identifier based on the extracted biometric features of the user depicted in the one or more images,
comparing the image-based biometric identifier to at least one enrolled image-based biometric identifier that is stored in the database in association with a mobile device identifier and the user identifier, and
identifying the user identity in response to a successful match of the image-based biometric identifier to the at least one enrolled image-based biometric identifier;
creating, by the remote server computing device in response to biometrically recognizing the user identity and according to a mobile device identifier, a record entry in a user profile stored in the database, wherein the user profile is uniquely associated with the user identity and the mobile device identifier, and wherein the record entry includes a result of the recognizing step and the device ID and at least a portion of the monitoring data captured by the monitoring device, whereby storing record entries in the user profile according to the mobile device identifier serves to compile monitoring data associated with the user identity and the user's mobile device irrespective of which of the plurality of monitoring devices is used to capture the monitoring data; and
transmitting, by the remote server over a network to a remote computing device, a confirmation indicating that the record entry was created and the result of the identifying step.

US Pat. No. 10,250,596

MONITORING ENCRYPTED COMMUNICATION SESSIONS

International Business Ma...

1. A method for monitoring encrypted communication sessions between computing devices, comprising:
observing first messages of a handshaking procedure between a client device and a first server device, the handshaking procedure establishing an encrypted communication session between the client and first server devices;
determining, from the first messages, a session context for the encrypted communication session and an identifier associated with the session context;
storing the session context in a server database indexed by the identifier;
observing, subsequent to the storing, resumption messages of a resumption handshaking procedure between the client device and a second server device, the resumption handshaking procedure resuming the encrypted communication session after an interruption,
wherein the server database is accessible to the first server device and the second server device,
wherein the second server participates in the resumption handshaking procedure in the pace of the first server;
determining that the resumption messages include the identifier associated with the session context;
retrieving, from the server database, the session context using the identifier; and
monitoring the resumed encrypted communication session using the session context.

US Pat. No. 10,250,595

EMBEDDED TRUSTED NETWORK SECURITY PERIMETER IN COMPUTING SYSTEMS BASED ON ARM PROCESSORS

GBS Laboratories, LLC, H...

1. A computing system with an embedded network security perimeter that incorporates capabilities to secure external network communications comprising:
a computer system based on an Advanced RISC (Reduced Instruction Set Computer) Machines (ARM) processor with integrated Security Extensions;
an embedded network security perimeter running in a Trusted Execution Environment (TEE) on the ARM processor with dedicated memory and storage; and
an Operating System (OS) running in a Rich OS Execution Environment on the ARM processor with a dedicated memory and a storage for the OS;
wherein the TEE and Rich OS Execution Environment are hardware isolated from each other using the integrated security extensions,
wherein only the embedded network security perimeter has an access to a physical network interface,
wherein all network traffic from the Rich OS to external networks goes through security checks and transformations performed by the embedded network security perimeter in the TEE,
wherein the embedded network security perimeter is controlled by a management service,
wherein the management service uses a security policy as a primary source of configuration data, and
wherein the security is protected using an encryption signature for decryption and a digital signature of the security policy is accessible only from the TEE.

US Pat. No. 10,250,594

DECLARATIVE TECHNIQUES FOR TRANSACTION-SPECIFIC AUTHENTICATION

Oracle International Corp...

1. A method, comprising:
receiving, by an access manager system implemented using at least one hardware processor, an authentication request from an application system, the authentication request being for a transaction that a user has requested the application system to perform, wherein the authentication request includes information identifying an attribute of the transaction and a value received by the application system for the attribute of the transaction, wherein the attribute of the transaction and the value received by the application system for the attribute of the transaction are selected from a set of data for the transaction, the set of data comprising one or more attributes and one or more associated values;
transmitting, by the access manager system, to a client device associated with the user, attribute information identifying the attribute of the transaction;
receiving, by the access manager system, from the client device, a first one-time password (OTP), wherein the first OTP is generated by the client device using a value provided at the client device and a first token, and wherein the first token is generated by the client device using a token generation technique;
generating, by the access manager system, a second token using the token generation technique;
generating, by the access manager system, a second OTP, wherein the second OTP is generated by the access manager system using the second token and the value included in the authentication request;
comparing the first OTP to the second OTP;
based on the comparing, determining, by the access manager system, that the first OTP matches the second OTP, wherein the matching of the first OTP and the second OTP indicates that the value provided at the client device matches the value included in the authentication request; and
based on determining that the first OTP matches the second OTP, transmitting, by the access manager system to the application system, an authentication result indicating that the user is successfully authenticated for the transaction.

US Pat. No. 10,250,593

IMAGE BASED KEY DEPRIVATION FUNCTION

Visa International Servic...

1. A computing device comprising:
a processor; and
a non-transitory computer-readable medium comprising code executable by the processor for implementing operations including:
receiving, from another computing device, an identifier and first encrypted data that was encrypted using an image-based derived key, the identifier being stored with the image-based derived key in an entry of a database;
determining the image-based derived key associated with the identifier,
wherein the image-based derived key is generated from a selection of authentication images, and a combination of image identifiers and pixel properties of the authentication images is used as an image input value to an image-based derived key function, and
wherein the image-based derived key is further generated based on:
an adjustable iteration count value being an input to the image-based derived key function indicating a number of repetitions that the image-based derived key function is performed to generate the image-based derived key;
an adjustable key length indicating a length of the image-based derived key; and
a salt value based on the identifier that is stored with the image-base derived key in the entry of the database; and
decrypting the first encrypted data.

US Pat. No. 10,250,592

APPROACH FOR ACCESSING THIRD-PARTY CONTENT COLLABORATION SERVICES ON INTERACTIVE WHITEBOARD APPLIANCES USING CROSS-LICENSE AUTHENTICATION

RICOH COMPANY, LTD., Tok...

1. An apparatus comprising:
one or more processors, and
one or more memories storing instructions which, when processed by the one or more processors, cause a management service to:
receive, from an application executing on an Interactive Whiteboard (IWB) appliance, a first request to perform a content collaboration function with respect to a first user on a first collaboration service and a second user on a second collaboration service, wherein both the first collaboration service and the second collaboration service are external to both the application executing on the IWB appliance and the apparatus,
wherein the management service supports a first Application Program Interface (API), the first collaboration service supports a second API that is different than the first API, a second collaboration service supports a third API that is different from both the first API and the second API, and the first request to perform the collaboration function with respect to the first user on a first collaboration service and the second user on a second collaboration service satisfies requirements of the first API,
determine whether the first collaboration service is the same as the second collaboration service,
in response to determining that the first collaboration service is not the same as the second collaboration service, generate, based upon the first request to perform the collaboration function with respect to the first user on a first collaboration service and the second user on a second collaboration service, a second request to perform the collaboration function with respect to the first user on the first collaboration service and the second user on the second collaboration service, wherein the second request to perform the collaboration function with respect to the first user on the first collaboration service and the second user on the second collaboration service includes an authentication token that is specific to the first collaboration service or the second collaboration service, but not specific to either the first user or the second user, and wherein the second request to perform the collaboration function with respect to the first user on the first collaboration service and the second user on the second collaboration service satisfies requirements of the second API or the third API, but not requirements of the first API, and
cause the second request, that includes the authentication token that is specific to the first collaboration service or the second collaboration service, but not specific to either the first user or the second user, to perform the collaboration function with respect to the first user on the first collaboration service and the second user on the second collaboration service, to be transmitted to the first collaboration service or the second collaboration service.

US Pat. No. 10,250,591

PASSWORD-BASED AUTHENTICATION

International Business Ma...

1. A method, comprising:
sending by an access control server an authentication value to at least a subset of a set of authentication servers,
wherein the access control server is one of ??2 servers in a system and the set of authentication servers are others of the ??2 servers,
wherein the access control server stores, for each of a plurality of user IDs, a first ciphertext which has been produced by encrypting a user password associated with a respective user ID under a public key pk using a homomorphic encryption algorithm, and
wherein the sending is performed in response to receipt from a user computer of a user ID and the authentication value which was previously determined using a predetermined function of a first ciphertext for that user ID and a second ciphertext produced by encrypting a password attempt under the public key pk using a homomorphic encryption algorithm such that the authentication value decrypts to a predetermined value if the password attempt equals the user password for that user ID;
receiving, by the access control server and from each one of the authentication servers in the subset, a decryption share dependent on the authentication value and produced by a corresponding one of the authentication servers using a key-share sk_i thereof,
wherein each authentication server stores a respective key-share sk_i of a secret key sk, shared between a plurality q of the ? servers, of a cryptographic key-pair (pk, sk) where pk is the public key of the key-pair;
using by the access control server at least the decryption shares of the subset of the authentication servers to determine if the authentication value decrypts to the predetermined value, if so permitting access to the resource by the user computer.

US Pat. No. 10,250,590

MULTI-FACTOR DEVICE REGISTRATION FOR ESTABLISHING SECURE COMMUNICATION

Samsung Electronics Co., ...

1. A method of improving security of a computer server system through secure device registration, the method comprising:
receiving, by the computer server system, a registration request from a first device via a first connection, the first device being a wearable device having network connectivity, the registration request including a digital certificate uniquely associated with the first device;
validating, by the computer server system, the first device on the basis of the registration request by determining whether the digital certificate is issued by a trusted certification authority;
sending, by the computer server system, a passcode and a nonce to the first device via the first connection in response to successfully validating the first device and instructing the first device to display the passcode;
sending, by the computer server system, a validation failure message to the first device via the first connection in response to a validation failure;
in response to sending the passcode to the first device via the first connection, prompting, by the computer server system, for the passcode on a second device via a second connection different from the first connection, the second device being a network-enabled computer;
receiving, by the computer server system, a passcode input from the second device via the second connection;
in response to receiving the passcode input containing the valid passcode on the second device via the second connection, instructing the first device to display a pairing button;
in response to receiving an activation of the pairing button on the first device, receiving a request for an authorization token from the first device via the first connection, the request for the authorization token including the digital certificate and the nonce;
in response to successfully validating the digital certificate and the nonce, sending, by the computer server system, an authorization token to the first device via the first connection;
in response to sending the authorization token to the first device, completing pairing of the first device with the computer server system;
in response to receiving the passcode input containing an invalid passcode, prompting, by the computer server system, for the passcode from the second device via the second connection for a predetermined number of tries;
in response to receiving the passcode input containing an invalid passcode after the predetermined number of tries, denying, by the computer server system, the registration request from the first device to enforce a secure authentication standard for device registration;
in response to completing the pairing of the first device with the computer server system, storing at the computer server system device parameters associated with the first device and identifying, at the computer server system, a manifest to use with the first device based on the device parameters; and
in response to completing the pairing of the first device with the computer server system, establishing a secure data exchange session between the first device and the computer server system to exchange data packets securely, wherein the first device set headers of data packets to be transmitted to the computer server system using the authorization token and wherein the computer server system exchanges data packets with the first device using the device parameters.

US Pat. No. 10,250,589

SYSTEM AND METHOD FOR PROTECTING ACCESS TO AUTHENTICATION SYSTEMS

CyberArk Software Ltd., ...

1. A method of enhancing security of authentication credentials for an authentication system, the method comprising:
receiving original authentication credentials from an identity requesting access to a first protected service managed by the authentication system;
generating a first authentication information based at least on i) the original authentication credentials, ii) a first encryption key that depends on at least one password requirement of the authentication system managing the first protected service, iii) the identity requesting access to the first protected service, and iv) an identity associated with the first protected service; and
forwarding the generated first authentication information to the authentication system managing the first protected service.

US Pat. No. 10,250,588

SYSTEMS AND METHODS FOR DETERMINING REPUTATIONS OF DIGITAL CERTIFICATE SIGNERS

Symantec Corporation, Mo...

1. A computer-implemented method for determining reputations of digital certificate signers, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
identifying a plurality of endpoint devices that have accessed files to which a digital certificate signer has attached digital certificates that assert the files are legitimate;
determining, for each endpoint device, whether a security state of the endpoint device is compromised or uncompromised based on a security analysis of computing events detected on the endpoint device;
classifying the digital certificate signer as potentially malicious by determining that the files were accessed more frequently by endpoint devices with compromised security states than by endpoint devices with uncompromised security states; and
protecting a security state of an additional endpoint device by preventing the additional endpoint device from accessing a file with a digital certificate signed by the digital certificate signer.

US Pat. No. 10,250,587

DETECTING MALICIOUS USAGE OF CERTIFICATES

MICROSOFT TECHNOLOGY LICE...

1. A method for improving network security, comprising:
scanning a network to detect certificates deployed within the network;
generating a network map based on the certificates detected as deployed within the network;
comparing the network map to a set of rules;
generating notifications based on the network map relative to the set of rules;
determining whether to change a deployment of certificates in response to the notifications; and
in response to determining to change the deployment of certificates, adjusting the certificates deployed to one or more environments of the network.

US Pat. No. 10,250,586

SECURITY CERTIFICATION AND APPLICATION CATEGORIZATION FOR MOBILE DEVICE MANAGEMENT

SAP SE, Walldorf (DE)

1. A computer-implemented method for managing mobile devices associated with enterprise operations, the method being executed using one or more processors and comprising:
receiving, by the one or more processors, a request to access information regarding at least one mobile application for download to and installation on a mobile device of a user, the request comprising an identifier associated with an enterprise, the identifier being unique to the enterprise and distinguishing the enterprise from other enterprises;
receiving, by the one or more processors, a tenant-specific configuration based on the identifier, the tenant-specific configuration comprising a plurality of criteria for mobile applications to be available for download to and installation on mobile devices associated with the enterprise, at least one of the plurality of criteria being associated with vendors of the mobile applications that are independent from the enterprise;
transmitting, by the one or more processors, a request for a list of available mobile applications to an application and certification database, the request comprising the tenant-specific configuration;
receiving, by the one or more processors, the list of available mobile applications, which comprises a subset of mobile applications of a superset of mobile applications, the subset of mobile applications being provided based on the tenant-specific configuration by using automated assessments and integrating an existing certification;
providing, by the one or more processors, graphical representations of each mobile application in the list of available mobile applications for display to the user, the graphical representations being ranked based on at least two different criteria that are selected by the user of the mobile device, the list of available mobile applications further grouped according to the at least two different criteria, at least one of the criteria being a risk of installing each mobile application; and
installing, by the one or more processors and on the mobile device of the user, a mobile application selected from the list of available mobile applications.

US Pat. No. 10,250,585

IDENTITY MIGRATION BETWEEN ORGANIZATIONS

Amazon Technologies, Inc....

1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, wherein when executed the program causes the at least one computing device to at least:
receive, via an authentication service executed on the at least one computing device, user login information from a client device, the authentication service being operated by a first organization;
identify, via the authentication service, one of a plurality of second organizations for which the authentication service authenticates users;
verify, via the authentication service, that the user login information is correct according to identity data associated with the one of the plurality of second organizations;
return, via the authentication service, an authentication token to the client device, wherein the authentication token is used by the client device to access resources of a network site operated by the one of the plurality of second organizations; and
send, via the authentication service, a customer identifier for the client device to the network site in response to receiving a request for user information from the network site, the customer identifier being used by the network site to initiate a generation of a session token that correlates a plurality of client device interactions with the network site.

US Pat. No. 10,250,584

SYSTEM AND METHOD FOR SINGLE SIGN-ON TECHNICAL SUPPORT ACCESS TO TENANT ACCOUNTS AND DATA IN A MULTI-TENANT PLATFORM

Zuora, Inc., San Mateo, ...

1. A method for single sign-on support access to tenant systems on a multi-tenant service platform, the method including the steps of:
providing a plurality of proxy user account identifiers in an identity provider module, each proxy user account identifier of the plurality of proxy user account identifiers configured to assist in identifying a proxy user account configured to assist in accessing a respective tenant system of a plurality of tenant systems on a multi-tenant service platform, each proxy user account identifier of the plurality of proxy user account identifiers having corresponding security metadata associated therewith in the identity provider module, the corresponding security metadata configured to enable a corresponding proxy user account to access a corresponding respective tenant system, a particular proxy user account identifier identifying a particular proxy user account of the plurality of proxy user accounts that is configured to assist in accessing a particular tenant system of the plurality of tenant systems, the particular proxy user account of the plurality of proxy user accounts being dynamically created and configured in response to one or more first trigger events, the one or more first trigger events including the addition of the particular tenant system of the plurality of tenant systems to the multi-tenant service platform;
providing mappings in the identity provider module that map a plurality of support user accounts to the plurality of proxy user account identifiers, at least one first particular mapping of the mappings in the identity provider module mapping a first particular support user account of the plurality of support user accounts to the particular proxy user account identifier, the at least one first particular mapping of the mappings being dynamically mapped in the identity provider module in response to the one or more first trigger events, at least one second particular mapping of the mappings in the identity provider module mapping a second particular support user account of the plurality of support user accounts to a subset of the plurality of proxy user account identifiers, the subset of the plurality of proxy user account identifiers including the particular proxy user account identifier and including less than all of the proxy user account identifiers;
using a security endpoint module in the multi-tenant service platform to assist in connecting each proxy user account of the plurality of proxy user accounts to the respective tenant system of the plurality of tenant systems, the security endpoint module including a mapping that maps each proxy user account of the plurality of proxy user accounts to the respective tenant system of the plurality of tenant systems;
in the identity provider module:
receiving from the second particular support user account a request to access the particular tenant system,
authenticating a second particular support user of the second particular support user account,
confirming that the second particular support user account is authorized to access the particular tenant system by confirming that the second particular support user account is mapped to a particular tenant system identifier associated with the particular tenant system, and
if the second particular support user is authenticated and authorized, sending a security assertion with the particular proxy user account identifier and the corresponding security metadata to the security endpoint module in response to the request; and
in the security endpoint module:
receiving the security assertion, the particular proxy user account identifier, and the corresponding security metadata for the second particular support user,
using the particular proxy user account identifier to identify the particular proxy user account,
using the particular proxy user account and the corresponding security metadata to enable the second particular support user to access the particular tenant system of the plurality of tenant systems without disclosing the corresponding security metadata to the second particular support user, and without allowing the second particular support user to access other tenant systems of the plurality of tenant systems in response to the request,
separately tracking activity of the second particular support user, and
removing at least a portion of the mappings and at least a portion of the security metadata in the identity provider module, the at least a portion of the mappings and the at least a portion of the security metadata corresponding to the second particular support user, the at least a portion of the mappings and the at least a portion of the security metadata being dynamically removed in response to one or more second trigger events, the one or more second trigger events including deactivating the second particular support user account.

US Pat. No. 10,250,583

SYSTEMS AND METHODS TO AUTHENTICATE USERS AND/OR CONTROL ACCESS MADE BY USERS ON A COMPUTER NETWORK USING A GRAPH SCORE

IDM GLOBAL, INC., Palo A...

1. A controller for user authentication and access control, the controller comprising:
at least one microprocessor;
a network interface controlled by the at least one microprocessor to communicate over a computer network with at least one computing site; and
memory coupled with the at least one microprocessor and storing:
graph data representing a graph having nodes and links;
wherein the nodes of the graph represent data elements associated with accesses made using access tokens, and
wherein the links of the graph among the nodes of the graph represent connections between the data elements identified in collected data about the accesses;
instructions which, when executed by the at least one microprocessor, cause the controller to:
receive, from the computing site, input data specifying details of an access made using an access token;
update the graph according to the input data;
determine a plurality of measurements of the graph;
compute a score of the graph based on a weighted average of the measurements; and
process the access made using the access token based on the score.

US Pat. No. 10,250,582

SECURE PRIVATE LOCATION BASED SERVICES

Microsoft Technology Lice...

1. A method for providing secure location based services comprising:
receiving, from a user device, a set of initial information comprising a beacon identifier;
identifying a set of services to be provided to authorized users based on the beacon identifier;
sending to the user device, an authentication challenge;
receiving from the user device a response to the authentication challenge, the response to the authentication challenge allowing the user of the user device to be identified;
determining whether the response to the authentication challenge is valid;
responsive to the determination that the response to the authentication challenge is valid;
sending information to the user device describing a subset of the set of services that the user is authorized to access; and
providing access to a selected service of the subset; and
responsive to the determination that the response to the authentication challenge is not valid, denying access to the set of services.

US Pat. No. 10,250,581

CLIENT, SERVER, RADIUS CAPABILITY NEGOTIATION METHOD AND SYSTEM BETWEEN CLIENT AND SERVER

ZTE CORPORATION, Shenzhe...

1. A Remote Authentication Dial In User Service (RADIUS) capability negotiation method, comprising:
transmitting, by a client, to servers a first message carrying RADIUS capability parameters of the client, wherein the RADIUS capability parameters of the client indicates RADIUS capability supported by the client;
receiving, by the client, a first announcement message carrying at least one of load information or compulsory switching information of the server, after the client transmits the first message to servers;
selecting, by the client, one server for user accessing from servers according to the load information or the compulsory switching information of one or more servers;
receiving, by the client, a second message carrying a result of matching of the RADIUS capability parameters in the first message with RADIUS capability parameters of the server from the server, wherein the RADIUS capability parameters of the server indicates RADIUS capability supported by the server;
determining, by the client, whether to establish effective communication with the selected server according to the matching result in the second message, and
establishing by the client or the server, effective communication between the selected server and the client when the matching result indicates successful matching.

US Pat. No. 10,250,580

OUT-OF BAND REMOTE AUTHENTICATION

Intel Corporation, Santa...

1. An article comprising a non-transient machine-accessible storage medium including instructions that when executed enable a processor-based system to:
authenticate a user to a processor-based host, via a third credential, to determine a user authentication status;
transparently authenticate the user to a processor-based first service provider via (a)(i) the user authentication status, (a)(ii) a first credential that is unequal to the third credential, and (a)(iii) a first out-of-band (OOB) communication;
transparently authenticate the user to a processor-based second service provider via (b)(i) the user authentication status, (b)(ii) a second credential that is unequal to either of the first and third credentials, and (b)(iii) a second OOB communication;
in response to a timed-out session with the first service provider, re-authenticate the user to the first service provider (c)(i) transparently to the user and via another OOB communication, and (c)(ii) without re-authenticating the user to the host.

US Pat. No. 10,250,579

SECURE FILE TRANSFERS WITHIN NETWORK-BASED STORAGE

Alcatel Lucent, Boulogne...

1. A first server, comprising:
a processor and a memory communicatively connected to the processor, the processor configured to:
generate, by the first server, an announcement message including a link specifying a file location and a file name of a user file stored on the first server for a user, wherein the link has a property of the user encoded therein;
propagate, by the first server, the announcement message for delivery to the user;
receive, by the first server from a second server, a request to establish a secure connection between the first server and the second server;
receive, by the first server from the second server, a request for the user file stored on the first server for the user, wherein the request includes the link;
determine, by the first server based on receipt of the request for the user file from the second server, that the user file is protected by a challenge-response authentication process;
propagate, by the first server toward the second server, a challenge comprising a request for a challenge value associated with the user file;
receive, by the first server from the second server, a challenge response including the challenge value associated with the user file, wherein the challenge value associated with the user file comprises the property of the user;
determine, by the first server based on the link, a comparison value associated with the user file, wherein the comparison value associated with the user file comprises the property of the user; and
propagate the user file from the first server toward the second server via the secure connection based on a determination that the challenge value and the comparison value match.

US Pat. No. 10,250,578

INTERNET KEY EXCHANGE (IKE) FOR SECURE ASSOCIATION BETWEEN DEVICES

QUALCOMM Incorporated, S...

1. A method comprising:
performing an Internet Key Exchange (IKE) to create an Internet Protocol security (IPsec) security association (SA) between a first device and a second device based upon both an authentication header (AH) and an encapsulating security payload (ESP), free of creating a child security association, wherein the first device and the second device are configured to communicate through a link; and
allowing information exchanges between the first device and the second device via the link based upon the IPsec SA.

US Pat. No. 10,250,577

SYSTEM AND METHOD FOR AUTHENTICATING AND ENABLING AN ELECTRONIC DEVICE IN AN ELECTRONIC SYSTEM

Anvaya Solutions, Inc., ...

1. An electronic system comprising:
a protected device;
a requesting device node, executing on a computing system, the requesting device node including:
a device query data packet generator to generate a device query data packet including data representing trust credentials of the protected device and a particular paired system, the device query data packet including an obfuscation state value and a nonce value; and
an authentication key retriever to obtain an authentication key based on the device query data packet from an authentication provisioning node using an external data communication; and
an obfuscation state machine of the particular paired system configured with a pre-defined quantity of state elements, a pre-defined quantity of the state elements being functional state elements, the obfuscation state machine being programmed with the authentication key to cause the obfuscation state machine to transition the protected device from an initial obfuscation state to a functional state.

US Pat. No. 10,250,576

COMMUNICATION OF MESSAGES OVER NETWORKS

International Business Ma...

1. A system comprising n≥2 servers Si, 1≤i≤n, for communicating messages between sender and receiver computers, connectable to said system via a network, in dependence on authentication of receiver passwords, associated with respective receiver IDs, by the system, wherein each server Si comprises at least one hardware data processor connected with at least one memory that stores software instructions, and wherein execution of the software instructions by the at least one hardware data processor causes each server Si:
to store, for each said receiver ID, a first ciphertext produced by encrypting the receiver password associated with that ID under a respective public key via a homomorphic threshold encryption scheme having a threshold t≤n, and a key-share ski of a secret key corresponding to that public key;
in response to receipt from a sender computer of an encrypted message, produced by encrypting a message for a said receiver ID under the public key for that ID via said encryption scheme, to store the encrypted message;
in response to receipt from a receiver computer of a said receiver ID, to send said first ciphertext for that ID to the receiver computer and, following receipt from the receiver computer of an authentication value which comprises a predetermined function of that first ciphertext and a second ciphertext produced by encrypting a password attempt under the public key for that ID via said encryption scheme such that the authentication value decrypts to a predetermined value if the password attempt equals the receiver password for that ID, to produce a first decryption share dependent on the authentication value using said key-share ski for that ID; and
in response to receipt of said first decryption share produced by each of (t−1) other servers Si for the authentication value received for said ID, to determine from the t first decryption shares whether the authentication value decrypts to said predetermined value and, if so, to produce a second decryption share of a selected encrypted message using said key-share ski for that ID, and to send the second decryption share to said receiver computer.

US Pat. No. 10,250,575

UTILITY METER FOR METERING A UTILITY CONSUMPTION AND OPTIMIZING UPSTREAM COMMUNICATIONS AND METHOD FOR MANAGING THESE COMMUNICATIONS

NAGRAVISION S.A., Chesea...

1. A device comprising:
a data collection module configured to collect device data; and
a communication circuit configured to exchange encrypted messages with a plurality of remote utility management centers; said encrypted messages including downstream messages received from said utility management centers and upstream messages transmitted to said utility management centers;
said device being configured to:
split said upstream messages into control messages and payload messages comprising the device data collected by the data collection module,
encrypt the device data of each of said payload messages as first cryptograms using a payload key shared with said remote utility management centers, and
encrypt each of said control messages as second cryptograms by encrypting the payload key using a first key specific to a single one of the plurality of remote utility management centers; and
said communication circuit being further configured to:
transmit said second cryptograms to a respective one of the remote utility management centers, and
transmit said first cryptograms to at least one of the plurality of remote utility management centers.

US Pat. No. 10,250,574

SYSTEMS AND METHODS FOR ENCODED COMMUNICATIONS

Capital One Services, LLC...

1. A method comprising:
receiving, by an encoded communication module of a server system, a communication from a user interface, wherein the encoded communication module further comprises an artificial intelligence based natural language processing module;
receiving, by the server system, user preferences from the user interface, and storing the user preferences on a database communicatively coupled to the server system;
determining, by the encoded communication module, whether the received communication is an encoded communication;
generating, by the encoded communication module, a financial query when it is determined that the received communication is an encoded communication and providing the financial query to a query response module;
determining, by the query response module, a response to the financial query and providing the determined response to the encoded communication module;
encoding, by the encoded communication module, the response to the financial query to generate an encoded responsive communication; and
transmitting, by the server system, the generated encoded responsive communication to the user interface for presentation to a user of the user interface,
wherein at least one of determining whether the received communication is an encoded communication, generating the financial query, and encoding the response to the financial query is based at least in part on the stored user preferences.

US Pat. No. 10,250,573

LEVERAGING TRANSPORT-LAYER CRYPTOGRAPHIC MATERIAL

Amazon Technologies, Inc....

1. A computer-implemented method comprising:
establishing a communication channel between a first application and a second application using a cryptographically protected transport layer;
acquiring a shared secret and a session key that are produced as a result of establishing the communication channel using the cryptographically protected transport layer;
deriving an application-layer cryptographic key based at least in part on the shared secret;
receiving encrypted application data from the second application, the encrypted application data encrypted with the application-layer cryptographic key and the session key;
decrypting the encrypted application data with the session key to produce intermediate encrypted data;
decrypting the intermediate encrypted data with the application-layer cryptographic key to recover plain text application data; and
providing the plain text application data to the first application.

US Pat. No. 10,250,572

LOGIC REPOSITORY SERVICE USING ENCRYPTED CONFIGURATION DATA

Amazon Technologies, Inc....

1. A method of providing configurable hardware, the method comprising:
receiving a first request to generate configuration data for a field-programmable gate array (FPGA), the first request comprising a reference to a hardware design specifying application logic for implementation on the FPGA, the FPGA comprising host logic and the application logic when the FPGA is configured;
generating a validated bitstream based on the application logic and the host logic, the validated bitstream specifying the configuration data for the FPGA;
encrypting the validated bitstream to generate an encrypted bitstream;
signing the encrypted bitstream using a private key to generate a signed encrypted bitstream, the signed encrypted bitstream comprising a signature and the encrypted bitstream;
transmitting the signed encrypted bitstream to a host server computer in communication with a particular FPGA;
verifying the signature of the signed encrypted bitstream using a public key;
decrypting the encrypted bitstream to generate the validated bitstream; and
programming the particular FPGA with the validated bitstream so that the particular FPGA is configured with the host logic and the application logic.

US Pat. No. 10,250,571

SYSTEMS AND METHODS FOR OFFLOADING IPSEC PROCESSING TO AN EMBEDDED NETWORKING DEVICE

Cavium, LLC, Santa Clara...

1. A system to support offloading of IPSec operations on network traffic comprising:
a host running one or more virtual machines (VMs) and configured to:
identify a VM running on the host that requires secured communication with a remote client device;
offload one or more Internet Protocol Security (IPSec) operations of a plurality of data packets exchanged between the VM and the remote client device to an external embedded networking device, wherein the embedded networking device is a hardware-based, software-programmable Network Interface Card (NIC), wherein the NIC is a multi-core network packet processing engine and the NIC includes a IPSec processing component, a network interface component, and a virtual switch component, each component running on independent cores of the multi-core network, and wherein the NIC is configured to:
encrypt the data packets in a tunnel mode if an IPSec policy is found;
send the encrypted data packets to a IPSec VM based on a destination Media Access Control (MAC);
decrypt IPSec-processed packets received by the NIC on a return path from the remote client device if a security association (SA) is found for a corresponding Security Parameter Index (SPI) in the IPSec-processed packets;
send the decrypted packets to the VMs via the IPSec VM after a MAC lookup of the decrypted packets;
perform the offloaded IPSec operations to process the data packets from the VM running on the host that requires secured communication with the remote client device;
support flexible packet processing at various input/output rates; and
transmit the IPSec-processed data packets to the remote client device over a network without returning the data packets back to the host before they are transmitted over the network.

US Pat. No. 10,250,570

SEPARATED INTELLIGENT CONTROL SYSTEM AND METHOD THEREOF

1. A separated intelligent control system comprising a wireless networking intelligent controller, said wireless networking intelligent controller comprising:
a wireless networking unit for performing network communication;
a microprocessor connected with said wireless networking unit for data transmission via said wireless networking unit, said data comprising programs or instructions; and
at least one multi-use interface, said multi-use interface comprising a plurality of pins, said plurality of pins being connected to said microprocessor; said microprocessor being used to change function of said plurality of pins of said multi-use interface via firmware;
wherein the separated intelligent control system further comprises an external module connected to said multi-use interface, and said external module comprises a power switch controller or sensor.

US Pat. No. 10,250,569

SECURE REGISTRATION TO A SERVICE PROVIDED BY A WEB SERVER

Alcatel Lucent, Paris (F...

1. A method for controlling a secure registration for a service provided by a web server from a communication terminal in a telecommunications network, comprising: in response to a connection by the communication terminal to the web server that prompted a user to provide an email address, saving, at the web server, a dynamically generated code associated with an Internet Protocol (IP) address of the communication terminal and transmitting a message containing the code to the email address provided by the user; automatically transmitting, at the web server, an application to the communication terminal that automatically installs the application, the application being capable of generating an automated test to distinguish computers from humans and capable of transmitting an answer to the test directly to the web server; decrypting, at the web server, an answer provided by the user to a test generated by the application and received from the communication terminal, the answer being encrypted with the IP address of the communication terminal and the code contained within the message transmitted to the email address provided by the user; and comparing, at the web server, the decrypted answer with an expected answer to allow the user access to the web server on a condition that the decrypted answer matches the expected answer.

US Pat. No. 10,250,568

METHODS AND SYSTEMS FOR CONCEALING INFORMATION

1. A method for concealing information comprising a sequence of symbols, the method comprising the steps of:
a concealing system, the concealing system comprising a network interface in communication with the internet and an encoder, obtaining location information obtained using a Uniform Resource Locator (URL);
the concealing system obtaining rule information from a location indicated by the location information, the rule information being indicative of a rule for discarding a plurality of symbols;
the concealing system using the rule information obtained to configure the encoder; and
the encoder forming concealed information by applying to the information comprising the sequence of symbols at least one encoder rule determined by the configuration of the encoder.

US Pat. No. 10,250,567

COMMUNICATION SYSTEM, WIRELESS COMMUNICATION APPARATUS, AND COMMUNICATION METHOD

KABUSHIKI KAISHA TOSHIBA,...

1. A wireless communication apparatus comprising:
a receiver that receives a beacon frame from a first wireless communication apparatus belonging to a basic service set (BSS), the beacon frame including a value indicating a first encryption method, the first encryption method used by the BSS to protect at least one of a broadcast or a multicast, wherein the wireless communication apparatus supports a second encryption method; and
a transmitter that:
transmits an association request frame, to establish a connection with the first wireless communication apparatus, to the first wireless communication apparatus prior to completion of establishment of the connection with the first wireless communication apparatus, the association request frame including a value indicating the second encryption method, if the second encryption method is equal to the first encryption method,
declines to establish the connection with the first wireless communication apparatus, if the second encryption method is not equal to the first encryption method, and
transmits a data frame including a frame body, the frame body including data encrypted by the second encryption method, after a reception of an association response frame including a status code that indicates success of the connection with the first wireless communication apparatus,
wherein the association request frame includes a frame control field and a frame body, the frame body includes the second value, the frame control field includes a type field, and the type field includes a value indicating that the association request frame is classified as a management frame.

US Pat. No. 10,250,566

COMMUNICATION SYSTEM, WIRELESS COMMUNICATION APPARATUS, AND COMMUNICATION METHOD

KABUSHIKI KAISHA TOSHIBA,...

1. A wireless communication terminal configured to belong to a first communication group, the wireless communication terminal comprising:
an antenna;
a memory configured to store a first encryption method used by the first communication group to protect at least one of broadcast communication or multicast communication in the first communication group;
a transmitter configured to transmit, via the antenna, a beacon frame including information of the first encryption method;
a receiver configured to receive, via the antenna, an association request frame from a first wireless communication apparatus, the association request frame including information of a second encryption method supported by the first wireless communication apparatus; and
circuitry configured to, prior to completion of establishment of a connection between the wireless terminal and the first wireless communication apparatus, check whether the second encryption method is equal to the first encryption method to determine whether a request of the association request frame is permitted or rejected,
wherein the transmitter is further configured to transmit, via the antenna, an association response frame indicating either one of an association successful or an association failure, and the connection between the wireless communication terminal and the first wireless communication apparatus is not established,
wherein the receiver is further configured to receive, via the antenna, a data frame after a transmission of the association response frame indicating the association successful and the completion of establishment of the connection between the wireless communication terminal and the first wireless communication apparatus, a frame body of the data frame including data encrypted by the second encryption method, the data frame is either one of broadcast communication or multicast communication in the first communication group, and one of destinations of the data frame is the wireless communication terminal, and
wherein the association request frame includes a frame control field and a frame body, the frame body includes the information of the second encryption method, the frame control field includes a type field, and the type field includes information indicating that the association request frame is classified as a management frame.

US Pat. No. 10,250,565

SERVICE LAYER DEVICE LOCATION MANAGEMENT AND PRIVACY CONTROL

Convida Wireless, LLC, W...

1. A server implementing a service layer in a communication network, the server comprising a computer memory containing instructions and a computer processor which executes the instructions, wherein the server is arranged:
to receive information from a first device via the communication network, the information comprising location information and a privacy policy of the first device, where the privacy policy comprises a service advertising rule and criteria relating to an identity of a second device, a distance, or a relationship among two or more devices;
to apply the privacy policy to information known to the server regarding a set of devices, the set comprising the first device, the second device, or other devices;
to receive, from the first device, information regarding a service advertised by the first device, where the service advertised by the first device is performing a function;
to receive information from the second device and other devices in the set of devices, wherein the information comprising a privacy policy, wherein the privacy policy of the second device or other devices in the set of devices comprises criteria relating to an identity of another device, a distance, or a relationship among two or more devices;
to choose from the second device and other devices in the set of devices those devices that meet either one of the criteria and the service advertising rule of the privacy policy of the first device;
to push to the chosen devices via the communication network the location information of the first device, when the chosen devices meet the criteria of the privacy policy of the first device; and
to publish to the chosen devices via the communication network the information of the service advertised by the first device, when the chosen devices meet the service advertising rule of the privacy policy of the first device,
wherein the information of the service advertised by the first device is published by the server to the chosen device according to privacy policy of the chosen devices.

US Pat. No. 10,250,564

DYNAMICALLY ALLOWING TRAFFIC FLOW THROUGH A FIREWALL TO ALLOW AN APPLICATION SERVER DEVICE TO PERFORM MOBILE-TERMINATED COMMUNICATIONS

Verizon Patent and Licens...

1. A network device, comprising:
one or more memories; and
one or more hardware processors, communicatively coupled to the one or more memories, to:
receive, from another network device, a flow control request for user equipment (UE) that is registered for an internet protocol (IP) pinhole service,
the IP pinhole service allowing traffic flow through a firewall, and
the flow control request including a device identifier associated with the UE and a private IP address;
identify, after receiving the flow control request, at least one of IP address information, port information, or one or more pinhole rules associated with the IP pinhole service,
the IP address information including a public IP address and the port information including a public port identifier;
provide, to the other network device, a flow control response that includes at least one of the IP address information, the port information, or the one or more pinhole rules,
the flow control response causing the other network device to provide a first instruction to the firewall to allow traffic flow through the firewall using the at least one of the IP address information, the port information, or the one or more pinhole rules; and
provide the public IP address and the public port identifier to an application server device to cause the application server device to provide traffic to the other network device,
the other network device to translate the public IP address and the public port identifier to the private IP address and a private port identifier associated with the UE, and
the other network device to provide the traffic to the UE.

US Pat. No. 10,250,563

SECURE DEVICE AND PROXY FOR SECURE OPERATION OF A HOST DATA PROCESSING SYSTEM

ZANGULI LLC, Boca Raton,...

1. A method comprising:
generating, using a processor, a first proxy and a first proxy companion paired with the first proxy;
providing the first proxy to a host data processing system for execution therein;
wherein the first proxy in the host data processing system and the first proxy companion communicate;
detecting a proxy change event for the host data processing system; and
responsive to the detecting, generating a second proxy and a second proxy companion paired with the second proxy and providing the second proxy to the host data processing system for execution therein.

US Pat. No. 10,250,562

ROUTE SIGNALING DRIVEN SERVICE MANAGEMENT

Juniper Networks, Inc., ...

15. A service gateway system, comprising:
a network; and
a plurality of service gateway network devices connected by the network, wherein the plurality of service gateway network devices includes a first service gateway network device and a second service gateway network device, wherein each service gateway network device includes a memory and one or more processors connected to the memory, wherein the one or more processors are configured to:
receive configuration information defining a redundancy set having a master redundancy state and a standby redundancy state, wherein the configuration information includes one or more redundancy policies associated with the redundancy set, the one or more redundancy policies including a service redundancy policy that defines changes to be made in a service when a transition occurs in the state of the redundancy set;
receive configuration information defining events that cause a transition between the master and standby redundancy states in the redundancy set, wherein the events include a first event that causes a transition from the master redundancy state to the standby redundancy state in the redundancy set;
store a plurality of signal-routes, including a first signal-route, wherein each signal-route is a route used by applications to signal changes in application state and wherein each signal-route is associated with one or more of the defined events, wherein the first signal-route is associated with the first event; and
in response to detecting the first event in the service gateway:
transition the redundancy set, within the service gateway, from the master redundancy state to the standby redundancy state;
modify a first signal-route state associated with the redundancy set, wherein modifying includes adding the first signal-route to or removing the first signal-route from a routing information base and advertising, from the service gateway and to peer network devices, the change in the routing information base; and
modify the service based on the service redundancy policy.

US Pat. No. 10,250,561

COMMUNICATION APPARATUS AND COMMUNICATION CONTROL APPARATUS

FUJITSU LIMITED, Kawasak...

1. A communication apparatus comprising:
a memory, and
a processor configured to transmit a plurality of second packets obtained from a plurality of first packets, wherein each of the plurality of first packets includes a header including a first field, and a payload, and includes first information stored in the first field, and the plurality of first packets include common identification information that enables flow identification, and wherein each of the plurality of second packets includes second information in the first field instead of the first information, and includes the first information inserted in the payload, and a value of the second information is different between at least two packet groups from among the plurality of first packets,
wherein the processor configured to transmit at least one dummy packet mixed with the plurality of second packets, the at least one dummy packet being not included in the plurality of first packets and storing information indicating a dummy packet.

US Pat. No. 10,250,560

NETWORK SECURITY METHOD AND DEVICE USING IP ADDRESS

SOOSAN INT CO., LTD., Se...

1. A network security method implemented by a network security device, comprising:
maintaining information related to a blocked country with which data communication is to be blocked, in a blocked country database (DB);
identifying an external Internet Protocol (IP) address by extracting at least one of a source IP address and a destination IP address of a communication packet transmitted on a network;
identifying a country to which the identified external IP address belongs;
blocking the communication packet when the identified country corresponds to the blocked country;
maintaining a country and an IP address corresponding to the country in a country-by-country IP DB; and
identifying a country corresponding to the identified external IP address by referring to the country-by-country IP DB,
wherein the maintaining comprises:
registering all countries as blocked countries in the blocked country DB;
excluding a first country from the blocked countries in the blocked country DB when at least a predetermined first number of packets are transmitted to and received from the first country during a predetermined first time period;
displaying the first country to an administrator when at least the predetermined first number of packets are transmitted to and received from the first country during the predetermined first time period; and
excluding the first country from the blocked countries in the blocked country DB in accordance with an instruction of the administrator,
wherein the maintaining comprises registering the first country as the blocked country in the blocked country DB when at least a predetermined second number of packets are received from and transmitted to, the first country during a predetermined second time period.

US Pat. No. 10,250,559

REVERSIBLE MAPPING OF NETWORK ADDRESSES IN MULTIPLE NETWORK ENVIRONMENTS

Cisco Technology, Inc., ...

1. A method comprising:
receiving a first network packet from a client device in a first network, wherein
the first network packet comprises an internal source address, and
the internal source address is a network address of the client device in the first network;
generating a value by executing a hashing function, wherein
the hashing function is reversible by a reverse hashing operation, and
the hashing function associates an external source address with the internal source address by virtue of generating the value based, at least in part, on the internal source address, and
at least a portion of the external source address;
generating a second network packet, wherein
the generating the second network packet comprises
including the external source address in the second network packet, and
including the value in the second network packet,
the external source address is a network address in a second network,
the external source address is associated with the internal source address by the at least the portion of the value, and
the hashing function generates the value such that, upon receipt of a third network packet comprising the value and a destination address, execution of the reverse hashing operation on the value produces the internal source address and the at least the portion of the external source address, such that the third network packet is transmitted to the internal source address, if a comparison between at least a portion of the destination address and the at least the portion of the external source address indicates that the destination address and the external source address are the same;
transmitting the second network packet into the second network; and
upon receipt of the third network packet,
recovering the internal source address and the at least the portion of the external source address by executing the reverse hashing operation, wherein the executing the reverse hashing operation recovers the internal source address without accessing any data structure that is external to both the reverse hashing operation and the third network packet,
determining whether the at least the portion of the external source address and at least a portion of the destination address are the same, and
in response to a determination that the at least the portion of the external source address and the at least the portion of the destination address are the same, transmitting at least a portion of the third network packet to the internal source address.

US Pat. No. 10,250,558

METHOD AND APPARATUS FOR TRIGGERING DEVICES AND DELIVERING SMALL DATA

IOT Holdings, Inc., Wilm...

1. A method, implemented by a machine-type communication interworking function (MTC-IWF), for delivering a data payload, the method comprising:
receiving the data payload;
sending a subscriber information request to determine whether a wireless transmit/receive unit (WTRU) is present;
receiving, from a mobility management entity (MME), an identity of a packet data network gateway (P-GW) indicating that the WTRU is present; and
upon receiving the identity of the P-GW from the MME, sending the received data payload to the P-GW over a diameter based Txx interface that is between the MTC-IWF and the P-GW, wherein sending the received data payload enables the P-GW to create an Internet Protocol (IP) packet with an IP address comprising the received data payload and enables the P-GW to deliver the IP packet to the WTRU using the IP address and a default or dedicated bearer of the WTRU.

US Pat. No. 10,250,557

ENABLING MULTI-REALM SERVICE ACCESS FOR A SINGLE IP STACK UE

NOKIA SOLUTIONS AND NETWO...

1. An apparatus comprising:
a connection unit configured to provide connection of a user equipment to a first network in a first address realm, wherein the user equipment is located within the first address realm, and
a processor configured:
to serve the user equipment based on a first address in the first network,
to request a second address in a second address realm,
to detect the second address to be used by the user equipment for a service in the second address realm, the second address realm being separately located from the first address realm,
to store the second address together with the first address,
to inform a network policy control element controlling policy in connection with the service in the second address realm about the second address,
to receive a credit control acknowledgment message,
to perform service specific signaling with the first address realm,
to receive a re-authorization request message after the first and second addresses being matched when carrying policy control functions triggers an authentication and/or authorization answer message,
to send a re-authorization answer message to the network policy control element, and
to provide bearers for both internet services located in the first address realm and operator services located in the second address realm simultaneously,
wherein the network policy control element is located outside of the first address realm,
wherein the user equipment is defined in the first address realm, and
wherein the service is defined in the second address realm.

US Pat. No. 10,250,556

SYSTEMS AND METHODS FOR ALLOCATING COMMUNICATION RESOURCES VIA INFORMATION TECHNOLOGY INFRASTRUCTURE

Google LLC, Mountain Vie...

1. A system to allocate communication resources via information technology infrastructure, comprising:
a memory having instructions stored thereon; and
one or more processors configured to, in response to executing the instructions:
receive, responsive to a triggering event associated with a webpage accessed by a computing device, a request to allocate a virtual phone number, the request associated with a communication endpoint identifier, a site identifier associated with the webpage or a web site comprising the webpage, and a bucket identifier determined based on bucketing criteria associated with the web site;
identify a number of active sessions corresponding to the web site;
determine that the number of active sessions is greater than or equal to a threshold;
switch from using session identifiers to bucket identifiers responsive to the determination that the number of active sessions is greater than or equal to the threshold;
determine, responsive to the switch, to assign a virtual phone number to a combination of the communication endpoint identifier, the site identifier, and the bucket identifier associated with the request;
identify, in a map data structure, a link between the virtual phone number and the combination of the communication endpoint identifier, the site identifier, and the bucket identifier associated with the request; and
provide the assigned virtual phone number to the computing device prior to termination of the link.

US Pat. No. 10,250,555

METHODS AND SYSTEMS FOR IMPLEMENTING VERY LARGE DNS ZONES

BLUECAT NETWORKS, INC., ...

1. A method of registering DNS hostnames of Internet host devices for a very large domain zone (VLZ) stored on a DNS server on a network, wherein the Internet host devices collectively define a load of the VLZ and further wherein each Internet host device has an original fully qualified domain name (FQDN), comprising:
instructions stored in non-transitory memory that, when executed by a processor, cause the processor to perform steps including:
defining a pseudo-zone that represents the VLZ, wherein the pseudo-zone is a unique map from each original FQDN into a hierarchy of a plurality of subzones, each containing a pre-determined number of the Internet host devices such that the load of the VLZ is effectively distributed across multiple servers that are separate but operatively connected to the Internet;
intercepting DNS updates to the pseudo-zone;
mapping the entries in the pseudo-zone into a hierarchy of real parent zones and subzones using a mapping formula, wherein the mapping formula includes a hash function used to establish the plurality of subzones in the pseudo-zone; and
translating DNS updates to the pseudo-zone from the original FQDN into at least one new FQDNs and adding the at least one new FQDNs to an authoritative DNS Server.

US Pat. No. 10,250,554

METHODS, SYSTEMS, AND PRODUCTS FOR MONITORING DOMAIN NAME SERVERS

1. A method, comprising:
capturing, by a server, a query requesting a domain name resolution of a domain name;
capturing, by the server, a response to the query, the response generated after performing the domain name resolution;
determining, by the server, a response time of the domain name resolution exceeds a threshold value;
inferring, by the server, that the domain name was not locally cached based on the response time that exceeds the threshold value;
categorizing, by the server, the response in a single category in which the domain name successfully resolved to an Internet Protocol address; and
uniquely categorizing, by the server, the query in which the domain name failed to resolve according to the domain name resolution.

US Pat. No. 10,250,553

ARP OFFLOADING FOR MANAGED HARDWARE FORWARDING ELEMENTS

NICIRA, Inc., Palo Alto,...

1. A non-transitory machine readable medium storing a service node program for processing address resolution protocol (ARP) in a network comprising a plurality of managed software forwarding elements (MSFE) and at least one managed hardware forwarding element (MHFE), the program comprising sets of instructions for:
at a service node,
receiving an ARP request from the MHFE;
determining whether a layer 2 (L2) address for replying to the ARP request is stored locally at the service node;
when the L2 address is not stored locally, replicating the ARP request and sending the replicated ARP request to a set of MSFEs;
providing the L2 address to the MHFE when the L2 address is stored locally or when the L2 address is received from one of the MSFEs.

US Pat. No. 10,250,552

L3VPN SERVICE WITH SINGLE IGP/BGP SESSION FROM A MULTI-HOMED CE WITH FAST CONVERGENCE USING EVPN

Cisco Technology, Inc., ...

1. A computer-implemented method for assisting provision of a Layer 3 Virtual Private Network (L3VPN) service using Ethernet VPN (EVPN) for a customer edge (CE) device multi-homed to a plurality of provider edge (PE) devices and operating in a single-active redundancy mode, the method comprising:
establishing a communication session between said CE device and a provider edge (PE) device elected, out of said plurality of PE devices, to be a designated forwarder (DF) for said CE device (DF PE device), wherein each of said plurality of PE devices are configured with a same anycast overlay address;
receiving at said DF PE device from said CE device, over said communication session, one or more messages comprising host Internet Protocol (IP) prefixes reachable via said CE device;
sending, by said DF PE device, one or more route advertisement messages advertising the host IP prefixes received at said DF PE device from said CE device, each route advertisement message comprising an indication of said CE device;
detecting, by said DF PE device, a failure of said communication session between the DF PE device and said CE device; and
in response to the failure of said communication session, withdrawing a pseudowire used by said communication session, wherein withdrawing the pseudowire triggers one of the other non-DF PE devices to establish a second communication session with said CE device.

US Pat. No. 10,250,551

METHOD AND APPARATUS FOR EXPIRING MESSAGES IN ELECTRONIC COMMUNICATIONS

GOOGLE LLC, Mountain Vie...

1. A method comprising:
receiving, at one of one or more servers, an electronic communication from a source client device, the electronic communication including a message;
temporarily storing, on a non-durable storage media accessible by at least one of the one or more servers, content of the message;
notifying, by at least one of the one or more servers, a recipient client device of availability of the message;
determining an occurrence of at least one of a first expiration event and a second expiration event, wherein:
the first expiration event includes expiration of an amount of time to live associated with the message as defined on at least one of the one or more servers, and
the second expiration event includes number of times of access of the message as defined on at least one of the one or more servers, based on input received from the recipient client device;
in response to determining the occurrence of the at least one of the first expiration event and the second expiration event, causing the content of the message to be deleted from the non-durable storage media; and
after deletion of the content of the message from the non-durable storage media, notifying the recipient client device that the message is unavailable.